NEET, Pune, and the Cybersecurity Problem Nobody Wants to Talk About

For years, India has treated examination leaks as isolated cheating scandals — unfortunate incidents blamed on greedy middlemen, corrupt coaching operators, or weak administrative oversight. But the ongoing NEET-UG leak investigation suggests something far more uncomfortable: India’s examination ecosystem may now be facing the same kind of insider risk and digital governance failures that affect banks, corporations, and even critical infrastructure systems.

The recent arrests linked to Pune — including Manisha Gurunath Mandhare, Manisha Sanjay Havaldar, and Manisha Waghmare, according to public reporting — have drawn national attention not only because of the alleged leak itself, but because of what the case appears to reveal about trust, access, and vulnerability inside India’s education system.

And that is where the real story begins.

This does not currently look like a classic “cyberattack” in the Hollywood sense. There are no reports of sophisticated malware, foreign hackers, or breached government servers. Yet dismissing the cyber angle entirely would be a mistake. Modern cyber-enabled crimes rarely resemble movie-style hacking. Increasingly, they involve the misuse of legitimate access, weak digital controls, and poorly monitored workflows by trusted individuals already inside the system.

That distinction matters.

If the allegations are accurate, then the compromise may not have happened because someone broke into the system. It may have happened because people within the ecosystem allegedly knew how to navigate it, where the blind spots were, and how information could move undetected. In cybersecurity terminology, that is called an insider threat — one of the most difficult forms of compromise to detect or prevent.

Across industries globally, insider threats have become a greater concern than external hacking in many cases. Employees, consultants, vendors, or authorised experts already possess credentials, understand workflows, and know which processes are loosely monitored. They do not need to bypass security if the system already trusts them.

National examinations are particularly vulnerable to this kind of risk because they rely heavily on distributed trust. Question setters, moderators, translators, printers, logistics teams, examination centres, administrators, and technical vendors all become part of a sensitive information chain. Every additional participant increases the attack surface.

And unlike traditional cybersecurity systems, examination ecosystems in India were never historically designed with insider-risk architecture in mind.

That gap is now becoming visible.

One of the most overlooked dimensions of this controversy is the cyber hygiene problem within educational institutions themselves. Many educators across schools, colleges, and examination ecosystems are navigating increasingly digital systems without formal cybersecurity training. Password sharing, personal device usage, unsecured messaging applications, cloud-sharing practices, and informal communication methods remain surprisingly common. In many cases, teachers and academic staff rely on students or junior personnel to navigate digital platforms and administrative systems.

In routine academic settings, this may appear harmless. But in a high-stakes examination environment involving nationally sensitive material, these habits create serious vulnerabilities.

The issue is not about blaming teachers. It is about acknowledging that India has digitised critical examination workflows faster than it has built security awareness around them.

Today, a question setter handling NEET papers is not merely an educator. They are effectively handling high-value, confidential information that can influence the futures of lakhs of students. Yet there is little public discussion about whether such individuals receive structured cyber hygiene training, insider risk awareness education, secure communication protocols, or digital security guidance.

That silence is alarming.

The Pune connection also deserves careful interpretation. Pune is one of India’s largest education and coaching hubs. Dense academic ecosystems naturally create networks of aspirants, institutions, intermediaries, tutors, and coaching operators. Whenever intense competition and high financial incentives coexist, information brokerage ecosystems tend to emerge around them. This is not unique to India or to examinations. Similar dynamics exist globally in sectors where access to privileged information can be monetised.

What makes this case concerning is the possibility that educational ecosystems may now be developing characteristics similar to organised information-leak networks: trusted insiders, intermediaries, compartmentalised communication, and monetisation of privileged access.

In many ways, this resembles how modern cybercrime economies operate.

Cybercrime today is no longer only about stealing financial data. It increasingly revolves around exploiting trust-based systems. Leaked credentials, confidential datasets, privileged access, insider information, and workflow manipulation are all valuable commodities. Examination papers simply become another form of monetizable information.

That is why the NEET controversy should not be viewed solely as a law-and-order issue. It should be treated as a warning about institutional security architecture.

India conducts some of the world’s largest and most competitive examinations. These exams influence admissions, careers, public-sector recruitment, and social mobility. Public trust in these systems is foundational to meritocracy itself. Once confidence in examination integrity begins to weaken, the consequences spread beyond academics into governance credibility and social trust.

The policy response, therefore, cannot remain limited to arrests after leaks occur.

India now needs a serious national conversation about examination cybersecurity and insider risk governance.

Every individual involved in sensitive examination workflows should undergo mandatory cyber hygiene and information-security training. Examination systems should adopt zero-trust access principles where no single person has unrestricted visibility into complete papers. Real-time monitoring, digital watermarking, forensic logging, compartmentalised question creation, controlled device usage, and anomaly detection mechanisms should become standard practices rather than exceptional measures.

Most importantly, policymakers must recognise a difficult reality:

In the digital age, examination integrity is no longer only an educational issue. It is a cybersecurity issue, a governance issue, and increasingly, a national trust issue.

And the NEET controversy may ultimately be remembered as the moment India was forced to confront that reality.