Express Computer

Home  »  News  »  Gartner: AI threats and DPDP to push India’s security spend to $3.4B

Gartner: AI threats and DPDP to push India’s security spend to $3.4B

NewsSecurity
By Express Computer
0 9

India’s cybersecurity spending is set to accelerate sharply in 2026 as enterprises confront AI-driven threats, rising identity fraud, and stricter regulatory mandates under the Digital Personal Data Protection (DPDP) Act. According to Gartner, end-user spending on information security in India is expected to reach $3.4 billion in 2026, marking an 11.7% increase over 2025, as organisations shift from reactive protection to more adaptive, identity-centric security strategies.

The forecast reflects a broader change in how Indian enterprises view cybersecurity — no longer as a technology function alone, but as a business risk that directly affects trust, compliance, and operational continuity.

“Security spending in India is set to grow as enterprises confront increasingly sophisticated AI-driven threats while also complying with more stringent regulatory requirements,” said Shailendra Upadhyay, Sr Principal at Gartner.
“CISOs are making a strategic shift toward dynamic and pre-emptive defence models, with identity-first security moving to the top of executive agendas.”

Identity attacks push ‘identity-first security’ to the forefront

One of the biggest drivers of security investments in India is the rapid rise of identity-based attacks. Credential compromise, phishing automation, and deepfake-enabled fraud are expanding the attack surface, forcing organisations to rethink traditional perimeter-based security.

Gartner notes that identity threat detection and response (ITDR) is becoming a core priority as enterprises struggle to protect users, systems, and increasingly, machine identities created by AI and automation.

The urgency is further amplified by India’s DPDP Act, which places stronger accountability on organisations to safeguard personal data and demonstrate governance over access, usage, and storage.

As a result, identity-first security architectures — where identity becomes the primary control layer — are gaining traction across Indian enterprises, particularly in BFSI, telecom, IT services, and digital-first businesses.

Security software remains the fastest-growing segment

Gartner’s forecast shows that security software will remain both the largest and fastest-growing segment in India’s cybersecurity market in 2026.

Spending on security software is expected to grow 12.4%, driven by increased adoption of:

  • Endpoint protection platforms (EPP)

  • Security information and event management (SIEM)

  • Cloud security platforms

  • AI-aware security controls

  • Integrated threat detection tools

As enterprises expand cloud usage and deploy AI workloads, security requirements are also evolving. Cloud protection is no longer limited to infrastructure security but now includes runtime monitoring, AI configuration security, and data protection across hybrid environments.

“Expanding digital operations and rising cyberattacks are pushing organisations to invest more in endpoint, SIEM, and cloud security platforms,” Upadhyay said.
“Cloud security now extends to AI-specific configurations and runtime protection, leading to greater adoption of integrated security platforms.”

Managed security services gain traction amid talent shortage

Security services spending in India is projected to grow 11.1% in 2026, with managed security services emerging as the fastest-growing sub-segment, expected to expand by over 15%.

This growth reflects a persistent challenge in the Indian market — the shortage of skilled cybersecurity professionals.

To manage increasingly complex threat environments without building large in-house teams, enterprises are turning to:

  • Managed Detection and Response (MDR)

  • Security Operations Centre (SOC) services

  • Incident response and forensics support

  • Security architecture consulting

“Indian enterprises are adopting managed security services as they look for scalable and cost-efficient ways to handle the growing complexity of cyber threats,” Upadhyay said.
“These services help organisations maintain strong security posture without heavy investments in specialised talent and infrastructure.”

Demand for advisory services is also rising as organisations redesign security architectures to align with cloud, AI, and regulatory requirements.

DPDP and global regulations reshape the CISO’s role

Beyond technology threats, regulatory pressure is becoming one of the biggest factors influencing cybersecurity spending.

According to Gartner, the implementation of India’s DPDP Act, along with evolving global privacy and AI regulations, is increasing compliance complexity and forcing CISOs to take a more strategic role.

“The combination of AI adoption, regulatory volatility, and geopolitical risks is reshaping the threat environment,” said Alex Michaels, Director Analyst at Gartner.
“Cybersecurity leaders must move beyond a control-centric mindset and position themselves as enablers of secure and scalable business innovation.”

Regulators are also placing greater accountability on boards and senior executives, making cyber risk a leadership issue rather than just a technical one.

Gartner advises organisations to move away from siloed IT-led compliance and instead establish shared accountability across legal, business, procurement, and technology teams.

AI agents expose gaps in identity and access management

Another emerging risk area is the rise of agentic AI and machine identities, which are exposing limitations in traditional identity and access management (IAM) systems.

As autonomous agents, bots, and AI services interact with enterprise systems, organisations must manage not only human users but also non-human identities.

This requires new capabilities such as:

  • Identity registration for machine actors

  • Automated credential lifecycle management

  • Policy-driven access controls for AI agents

  • Continuous monitoring of identity behaviour

Without these controls, enterprises face a higher risk of access-related breaches, especially in automated environments.

Gartner recommends a risk-driven investment approach, focusing on the most critical vulnerabilities while using automation to strengthen controls without slowing innovation.

Cybersecurity moves from defence to resilience

The broader shift reflected in Gartner’s forecast is the move from traditional defence-centric security to resilience-driven cybersecurity.

With AI adoption rising, digital ecosystems expanding, and regulations tightening, Indian enterprises are being forced to design security programs that can adapt quickly to change rather than rely on static controls.

For CISOs, this means balancing three competing priorities

  • Enabling digital innovation

  • Maintaining regulatory compliance

  • Protecting customer trust

As spending rises toward $3.4 billion in 2026, the message from Gartner is clear — cybersecurity in India is no longer just about preventing attacks, but about building organisations that can operate securely in an unpredictable, AI-driven world.

Express Computer

Express Computer is one of India's most respected IT media brands and has been in publication for 24 years running. We cover enterprise technology in all its flavours, including processors, storage, networking, wireless, business applications, cloud computing, analytics, green initiatives and anything that can help companies make the most of their ICT investments. Additionally, we also report on the fast emerging realm of eGovernance in India.

You might also like More from author
Leave A Reply

Your email address will not be published.