AI-driven cyber threats reshapes enterprise cybersecurity spending in India

As enterprises adopt AI at scale, cybersecurity spending is shifting from compliance and perimeter defence to identity protection, AI governance, cloud security, and continuous threat monitoring

Corporate India's approach to cybersecurity is evolving. Before the artificial intelligence (AI) wave gripped the sector, enterprise investments were largely concentrated on perimeter security, network protection, and compliance-driven tools. Now, organisations are reassessing how they secure digital infrastructure, applications, and sensitive data as AI becomes increasingly embedded in enterprise operations.

How is AI making cyberattacks more sophisticated?

The Indian Computer Emergency Response Team (CERT-In), in its Advisory CIAD-2026-0020, has warned that advances in frontier AI systems are significantly enhancing cyber capabilities. According to the advisory, these systems can identify software vulnerabilities, analyse source code, plan multi-stage attacks, and automate exploitation workflows. 

 

CERT-In also cautioned that AI can generate increasingly convincing phishing emails and social-engineering content, lowering the barriers for cybercriminals and increasing the need for stronger security controls, continuous monitoring, and AI governance across enterprises.

Why are identity attacks becoming a growing security concern?

The Sophos Active Adversary Report 2026 identifies identity attacks as one of the dominant techniques used by cybercriminals. It also found that exploited vulnerabilities remained the leading technical root cause of ransomware incidents for the third consecutive year, accounting for 32 per cent of attacks. 

As a result, enterprises are strengthening identity protection, credential monitoring, and detection capabilities.

How are regulations influencing cybersecurity spending?

Alongside evolving cyber threats, regulatory guidance is also influencing enterprise cybersecurity budgets. In its April 2026 Advisory (CIAD-2026-0020), CERT-In warned that advances in frontier AI systems could significantly enhance cyber capabilities and urged organisations to strengthen cyber preparedness. 

The advisory recommends faster patch management, continuous monitoring of internet-facing systems, stronger vulnerability management, Zero Trust architecture, multi-factor authentication, network segmentation, and incident-response capabilities.

 

As enterprises adopt AI at scale, these recommendations are encouraging organisations to invest more in cybersecurity to meet evolving security expectations and improve resilience against AI-enabled threats. 

READ: JP Morgan's AI scorecard ranks India high on promise, but low on delivery

Why are advanced AI models raising fresh security concerns?

 

The emergence of advanced AI models such as Mythos and Fable, which demonstrate stronger reasoning and increasingly autonomous capabilities, has intensified discussions around how these systems could be misused to support cyber operations.

 

While the models also have legitimate enterprise applications, their ability to automate complex tasks has heightened concerns over AI-assisted cyberattacks, phishing, and social engineering.

 

As AI capabilities continue to evolve, enterprises are increasing investments in AI governance, identity verification, continuous monitoring, and advanced security controls to mitigate emerging cyber risks.

 

The changing cybersecurity landscape marks a shift in enterprise spending priorities across sectors towards identity protection, cloud security, managed detection and response, and continuous threat monitoring.

BFSI

The banking, financial services, and insurance (BFSI) sector handles high-value financial transactions, sensitive customer information, and operates under stringent regulatory requirements. According to the DSCI-BCG report published in May, 67 per cent of Indian BFSI organisations said AI is driving additional cybersecurity spending.

 

The report also found that 64 per cent of chief information security officers (CISOs) identified deepfakes and AI-enabled social engineering as their top security priority, while 69 per cent expressed serious concern over AI-driven cyber risks.

 

The report suggests that AI is becoming one of the key factors influencing cybersecurity spending across the BFSI sector as financial institutions prepare for emerging risks such as AI-enabled fraud, deepfakes, and identity attacks.

Healthcare

India's healthcare sector is strengthening cybersecurity as hospitals and healthcare providers continue to digitise services, adopt electronic health records (EHRs), and expand telemedicine.

 

According to Ken Research, the Indian cybersecurity market for healthcare is valued at $2.5 billion, with growth driven by increasing digitalisation of healthcare services, rising cyber threats, and the need to comply with stricter data-protection requirements.

 

The report notes that implementation of the Digital Personal Data Protection (DPDP) Act has sharpened the focus on securing patient information, requiring healthcare organisations to strengthen how they collect, store, and manage sensitive data.

IT and telecom

India's IT and telecom sector is also witnessing growing cybersecurity investments as operators expand cloud infrastructure, 5G networks, and digital services.

 

According to Grand View Research, the India IT and telecom cybersecurity market generated $1.87 billion in revenue in 2025 and is projected to reach $6.30 billion by 2033.

 

The report notes that hardware accounted for the largest share of the market in 2025, while the services segment is expected to record the fastest growth over the forecast period.

 

The trend reflects increasing demand for managed security services, network protection, and cybersecurity solutions as telecom operators continue to modernise infrastructure and support expanding digital connectivity.

  READ: Corporate cybercrime: Why businesses are becoming prime targets of hackers

Is corporate India spending enough on cybersecurity?

Cybersecurity spending is increasing across Indian enterprises, but available data suggests investment levels may still lag behind the pace of AI adoption and evolving cyber threats.

 

While sectors such as BFSI have traditionally prioritised cybersecurity because of the sensitive financial data they manage and the regulatory requirements they face, AI is further increasing the need for stronger security investments.

 

The DSCI-BCG report, Cybersecurity in the Age of AI for BFSI, indicates that although AI is prompting organisations to allocate more resources to cybersecurity, many Indian financial institutions continue to spend a relatively small share of their IT budgets on cybersecurity compared with their global peers.

 

According to the report, 62 per cent of Indian BFSI organisations allocate less than 10 per cent of their IT budgets to cybersecurity, while 89 per cent of organisations globally spend more than 10 per cent.

 

Although 67 per cent of Indian respondents said AI is driving additional cybersecurity investments, only 19 per cent reported increasing cybersecurity budgets by more than 10 per cent.

 

The findings suggest that cybersecurity investment is moving in the right direction but may not yet be keeping pace with the growing complexity of AI-enabled threats.

 

As enterprises deploy AI across business operations, strengthening identity protection, continuous monitoring, AI governance, and incident-response capabilities is likely to become an increasingly important part of enterprise technology spending rather than a compliance exercise alone.