Zscaler’s newly released global survey, “Unlock theResilience Factor: Why Resilient by Design Is the Next Cyber-Security Imperative,” delivers an unvarnished look at how Indian organisations perceive and actually practise cyber-resilience. Conducted by Sapio Research in December 2024, the study gathered the views of 1,700 IT decision-makers across 12 countries (150 respondents from India), all from enterprises with 500 or more employees.
Confidence vs. Reality
- A striking 97 percent of Indian IT leaders believe their existing security controls are “effective,” yet 67 percent of those same firms suffered a major cyber incident in the past 12 months.
- Looking forward, 59 percent anticipate a significant breach or systems failure in 2025 eclipsing the global average of 60 percent and underscoring a “when-not-if” mindset.
- Despite this recognition, only 53 percent have refreshed their cyber-resilience strategy to address AI-driven attacks and 40 percent have not reviewed their plan in six months or more.
Leadership and Organisational Gaps
- Cyber-resilience ranks as a top three board priority for 57 percent of Indian firms (global: 39 percent). Even so, 70 percent of enterprises do not include their CISO in resilience planning, perpetuating fragmented, tech-heavy approaches.
- Complex infrastructure is the biggest hurdle: 61 percent cite sprawling, legacy architectures as the primary barrier to resilience, ahead of budget (45 percent) and skills shortages (44 percent).
Budget Trends
- Indian companies devote, on average, 15 percent of their IT budget (≈1.4 percent of total revenue) to cyber-security higher than many peers but still modest relative to risk.
- Four out of five expect cyber budgets to climb in 2025, yet most increases remain below 10 percent, pointing to incremental, not transformational, spending.
- Investment is shifting from “heavy iron” perimeter gear to identity security, Zero Trust/SASE, cyber-resilience tooling and cloud-native application protection. OT/IoT defence, DevSecOps and security-awareness training still lag.
Key Technical Findings
- Indian respondents place Zero Trust architecture, identity-centric access control and SASE at the heart of future resilience. Still, fewer than half have implemented Zero Trust micro-segmentation and only 43 percent use proactive threat-hunting to limit breach blast-radius.
- Legacy firewalls and VPNs remain widespread; 56 percent acknowledge they heighten ransomware exposure.
- AI is a double-edged sword: 53 percent see huge value in AI-powered defence, yet most have not realigned strategy to counter adversaries’ own AI capabilities.
Zscaler’s “Resilient by Design” Prescription
The report argues that prevention-first models are obsolete. Instead, resilience must be architected via cloud native, Zero Trust platforms that:
- Minimise the attack surface (no direct network access).
- Prevent initial compromise through continuous risk scoring and adaptive policy.
- Eliminate lateral movement with identity-based segmentation.
- Stop data loss with inline inspection, DLP and encryption.
What It Means for Indian Enterprises
The disconnect between high confidence and low preparedness is stark. Board-level attention has arrived, but strategic execution embedding the CISO in planning, overhauling legacy infrastructure, and funding proactive risk-hunting lags behind. With nearly six in ten leaders bracing for a breach within a year, Indian firms must move from optimistic rhetoric to Zero Trust-anchored, resilience-first operations that treat cyber risk as a core business variable, not an IT afterthought.Original survey:
https://www.zscaler.com/resources/infographics/zscaler-cyber-resilience-factor.pdf1
