A new report by Fortinet and IDC paints a sobering picture of India’s rapidly evolving cybersecurity landscape, driven by the rise of AI-enabled attacks and a growing gap between risk and readiness. The study based on responses from 550 IT and security leaders across 11 Asia-Pacific markets, including India highlights a shift in the nature, scale, and subtlety of threats that are now overwhelming traditional security architectures.
AI Joins the Cybercrime Arsenal
According to the report, 72% of Indian organizations have already faced AI-powered cyber threats over the past year. These threats are not just more frequent they’re becoming faster, stealthier and harder to detect. The rise in AI-assisted brute-force attacks, deepfake-driven impersonation, and polymorphic malware is forcing organizations to confront a chilling reality: machine-speed attacks are now outpacing human-speed defences.
Yet, despite this surge, preparedness remains low. Only 14% of firms in India feel very confident in their ability to handle AI-powered threats. A worrying 21% report having no visibility at all into AI-generated attacks exposing a major gap in detection capabilities at a time when digital infrastructure is more critical than ever.
Risk is a Constant, Not an Episode
The Fortinet-IDC study reframes cybersecurity as a permanent state of exposure, rather than a series of isolated incidents. The most reported threats include software supply chain compromises (64%), cloud vulnerabilities (60%), phishing (54%) and unpatched or zero-day exploits (50%). Notably, traditional threats like malware and phishing continue to grow, but more complex threats especially insider risks, cloud misconfigurations and supply chain gaps are viewed as more damaging due to their stealthy nature.
This echoes recent alerts from global threat intelligence hubs, including MITRE and CERT-In, which note that attacks are shifting inward, targeting identity systems, misconfigured cloud workloads and human error over brute intrusion.
Cyber Teams Are Under Strain
India’s cybersecurity teams are increasingly stretched thin. The study finds that just 7% of an organization’s workforce is in IT, with cybersecurity teams forming only a fraction of that. In practice, that means fewer than one cybersecurity expert per 100 employees, with most organizations combining cyber roles with broader IT responsibilities. The consequences? Burnout, skill gaps and rising alert fatigue especially as 54% of teams report being overwhelmed by the volume of threats.
As Simon Piff, Research VP at IDC Asia-Pacific, notes: “We’re in a threat landscape where AI is not just amplifying attacks but making them harder to trace. Reactive security won’t cut it anymore.”
Investment Rising, but Still Behind the Curve
The good news: cybersecurity budgets in India are growing. Nearly 80% of surveyed organizations reported increased spending. The not-so-good news: most of these increases are below 10%, and security still consumes only around 1.4% of total revenue. That’s disproportionately low considering the business impact of breaches 56% of firms have experienced financial loss, with one in five suffering hits over $500,000.
Strategically, Indian enterprises are shifting investment priorities from infrastructure-heavy buys to smarter, risk-based approaches: identity and network security, zero trust architectures, cyber resilience and cloud-native protection top the list. Yet critical areas like OT/IoT security and security training remain underfunded.
Platform-Led Defence
Fortinet advocates a platform-based model that converges networking and security to address tool sprawl and boost detection speed. The report finds 88% of Indian organizations are evaluating or already embracing this convergence, recognizing that fragmented tools create visibility gaps attackers can exploit. Vendor consolidation is now viewed not only as a cost-saving measure but as a strategic necessity for unified visibility and faster response.
As Fortinet India & SAARC Country Manager Vivek Srivastava puts it, “Speed, simplicity, and strategy matter more than ever. AI is both the threat and the defence and organizations need security built for that duality.”
India’s digital economy is booming, but so is its exposure. With AI transforming both the threat landscape and the tools available to fight it, the need for proactive, intelligence-driven cybersecurity has never been more urgent. The Fortinet-IDC report is a wake-up call for enterprises, policymakers and tech leaders: in the age of AI warfare, standing still is not an option.Read more Fortinet-IDC Survey Summary
