Fortinet announced the findings of a new IDC survey (2025) revealing how organisations across India are rapidly adopting artificial intelligence (AI) as the foundation of their cyber defence strategy.
Commissioned by Fortinet, the study finds that AI has moved beyond the hype cycle to become a critical enabler of speed, accuracy, and scale in security operations — transforming not only how enterprises detect and respond to threats but also how they hire, invest, and design their cybersecurity architectures.
AI’s Growing Influence on the Cyber Landscape
AI is reshaping both offence and defence in cybersecurity. For defenders, it enables faster detection, automated response, and scalable threat intelligence. Yet attackers are also exploiting AI to launch more sophisticated, adaptive, and evasive attacks.
According to the IDC study, 72% of Indian organisations encountered AI-powered cyber threats over the past year. Of these, 70% reported a twofold increase and 12% a threefold increase in threat volumes. These AI-driven attacks are often harder to detect, exploiting blind spots in visibility, governance, and internal processes.
AI Adoption Accelerates from Pilot to Production
AI is no longer a future aspiration — it’s an operational reality. The study shows that 94% of organisations in India are already deploying AI within their security environments.
Enterprises are progressing beyond AI-assisted detection to embrace advanced use cases such as:
Automated response
Predictive threat modelling
AI-driven incident response
AI-powered threat intelligence
Behavioural analytics
These use cases highlight a shift from basic detection to predictive and orchestrated defence models.
Generative AI (GenAI) is also gaining traction for “light-touch” applications such as running playbooks, updating policies, detecting social engineering attempts, generating detection rules, and guiding investigations. However, trust in autonomous decision-making remains limited — with most organisations still operating in the “co-pilot” phase rather than full automation.
AI Skills Redefining the Cybersecurity Workforce
As AI transforms cybersecurity operations, it is also reshaping the talent landscape.
Across India, the top five cybersecurity roles in demand are:
Security Data Scientists
Threat Intelligence Analysts
AI Security Engineers
AI Security Researchers
AI-focused Incident Response Professionals
Rather than simply adopting AI tools, organisations are now building teams around AI capabilities, reflecting a major shift in how cybersecurity functions are structured and managed.
Strategic Investments: From Infrastructure to Intelligence
Cybersecurity budgets are rising, with 82% of organisations reporting an increase in spending. However, most increases are modest — 64% under 5%, and 18% between 5–10% — suggesting that organisations are prioritising smarter, more targeted investments.
Over the next 12–18 months, the top five investment priorities include:
Identity security
Network security
SASE/Zero Trust
Cyber resilience
Cloud-native application protection
This marks a shift from infrastructure-heavy expenditure to risk-centric, intelligence-driven investment — aligning spending with the evolving threat landscape.
Teams Remain Under-Resourced and Overwhelmed
Despite growing attention at the executive level, many cybersecurity teams remain understaffed and overstretched.
Only 6% of the total workforce in surveyed organisations is allocated to internal IT, and just 13% of that is focused specifically on cybersecurity. Fewer than one in six organisations have a dedicated Chief Information Security Officer (CISO), and only 6% have purpose-built teams for Security Operations or Threat Hunting.
This lack of specialisation is impacting performance and morale. Over half of respondents reported being overwhelmed by surging threats, compounded by tool sprawl and talent retention challenges. The resulting burnout and complexity underline the need for smarter resourcing and consolidation strategies.
Consolidation and Convergence Become Core Strategies
As security environments grow more complex, organisations are increasingly pursuing converged cybersecurity frameworks that offer end-to-end visibility, operational efficiency, and simplified management.
According to the survey, 88% of respondents are either already converging networking and security or actively evaluating the move. Meanwhile, 74% are considering vendor consolidation — not just as a cost-saving measure, but as a strategic necessity. Key drivers include faster support, improved integration, cost efficiencies, and a stronger overall security posture.
Simon Piff, Research Vice President, IDC Asia-Pacific, said: “The findings of this survey reflect the growing maturity of cybersecurity across the region. Organisations are no longer experimenting with AI — they are embedding it across detection, response, and team design. This signals a new era of operations that are smarter, faster, and more adaptive to the evolving risk landscape. AI is fundamentally reshaping how threats are identified, prioritised, and acted upon — and this demands a parallel shift in cybersecurity strategy and talent.”
Vivek Srivastava, Country Manager, India & SAARC, Fortinet, added: “CISOs across India are entering a more advanced phase of cybersecurity planning — one where AI not only strengthens defences but also influences how organisations structure teams, allocate budgets, and prioritise threats. At Fortinet, we are helping customers embrace this shift by embedding AI across our platform, enabling faster detection, smarter response, and more resilient operations. As cyber risks become more complex and distributed, the need for converged, intelligent, and adaptive security models has never been greater.”