New data reveals an almost universal embrace of artificial intelligence in India’s corporate security
A new survey commissioned by Fortinet and conducted by IDC has revealed that 94 per cent of organisations across India are now actively using artificial intelligence within their cybersecurity frameworks, underscoring a rapid shift away from reactive defences. However, this massive adoption is setting the stage for an intense cyber arms race, with firms struggling to keep pace with the corresponding sophistication of AI-powered attacks.
The study indicates that AI is no longer a strategic project but a core operational necessity, used across functions from automated detection to predictive threat modelling. Yet, the same technology is being exploited by malicious actors, who are launching stealthier and faster campaigns.
“Organisations are no longer experimenting with AI, they are embedding it across threat detection, incident response, and team design,” said Simon Piff, Research Vice-President at IDC Asia-Pacific, signalling a new, more adaptive era of security operations.
Escalating Threat Paradox
The data highlights a significant paradox: while defenders are equipping themselves with AI, attackers are doing the same.
Nearly 72 per cent of Indian organisations reported encountering AI-powered cyber threats in the past year. Of those, a striking 70 per cent reported a twofold increase in threat volume, with 12 per cent seeing a threefold increase. These sophisticated attacks are successfully exploiting visibility gaps and governance flaws within internal processes, proving harder to detect and mitigate.
Despite this intense pressure, organizations are moving beyond simple AI-powered detection and pushing toward advanced use cases like predictive threat modelling and automated incident response.
However, the survey suggests limits to this trust. While generative AI is used for light-touch tasks—such as running playbooks and writing detection rules—use cases requiring fully autonomous action, such as auto-remediation, are not widely deployed. This signals that the sector remains firmly in the “co-pilot” phase, where human oversight is still mandatory for critical decision-making.
Talent Gap & Budget Strain
The rush to secure digital frontiers with AI is placing immense strain on budgets and talent pools.
While 82 per cent of organisations report increased cybersecurity budgets, the majority of those increases are modest, with 64 per cent reporting an uplift of less than 5 per cent. This suggests that funding is primarily covering rising operational and talent costs rather than facilitating radical architectural shifts.
The strategic shift to AI is fundamentally reshaping the workforce, creating demand for entirely new, highly specialised roles. The top five most sought-after positions now include security data scientists, AI security engineers, and AI-specific incident response professionals.
This talent demand collides with severe under-resourcing. The study found that only 13 per cent of an organisation’s internal IT staff is focused on cybersecurity. Furthermore, fewer than one in six organizations have a standalone Chief Information Security Officer (CISO), and only 6 per cent have dedicated teams for security operations and threat hunting.
This lack of specialisation is contributing to complexity and burnout, with more than half of respondents citing an overwhelming surge in threats, compounding the issues of tool sprawl and talent retention.
Consolidation As Survival Strategy
Faced with growing complexity and distributed threats, Indian enterprises are strategically pivoting towards unified architectures. Nearly 88 per cent of respondents are either converging security and networking functions or actively evaluating the strategy.
Vendor consolidation is no longer seen merely as a cost-cutting measure but as a strategic necessity, with 74 per cent of respondents considering reducing their vendor count. The drivers for this consolidation are faster support, better integration, and, critically, an improved overall security posture.
Vivek Srivastava, Country Manager for India & SAARC at Fortinet, noted that CISOs are “entering a more advanced phase of cybersecurity planning—one where AI is not just augmenting defences but influencing how organizations structure teams, allocate budgets, and prioritize threats.”
The findings underline that while India is rapidly building an AI-enabled defence layer, the success of this transformation hinges on whether organizations can structurally and financially support the talent and integration required to manage this new complexity.
