57% Firms Struggle to Hire AI Security Specialists as India’s Cybersecurity Talent Crisis Deepens: SANS-DSCI Study

India’s cybersecurity landscape is entering a new phase — one where the challenge is no longer just about deploying security technologies, but about building a workforce capable of defending increasingly complex AI-driven digital environments.

According to the newly launched Indian Cyber Security Skilling Landscape 2025–2026 report by SANS Institute and DSCI, 57% of cybersecurity providers say they are struggling to hire AI/ML security specialists, making AI security the single hardest cybersecurity domain to recruit for today.

The report highlights how the rapid adoption of AI, GenAI, cloud-native systems, APIs, and connected infrastructure is fundamentally reshaping enterprise cybersecurity requirements — even as the industry grapples with widening capability gaps across the workforce.

“The same playbook is now being played faster,” says James Lyne, CEO, SANS Institute. “AI hasn’t completely changed what attackers do. It has accelerated the pace and scale at which they do it.”

According to Lyne, organisations are now under pressure to operate at “machine speed” to keep pace with increasingly automated attack patterns. “For the next two to three years, attackers probably do have a bit of an advantage because they’re adopting these technologies very quickly,” he says. “Organisations are still adapting their defences to respond at that speed.”

The findings in the SANS-DSCI report underscore the scale of the transformation already underway. Nearly 62% of surveyed enterprises have active AI and GenAI projects running inside their digital environments, while 73% of cybersecurity providers report rising demand for AI and GenAI security services from clients.

Lyne points out that organisations are embracing AI faster than they are preparing their workforce to secure it. “83% of organisations now consider AI and GenAI security skills critical,” he notes. “But 32% of organisations are already reporting a growing skills gap specifically around AI-enabled threats. We are putting AI into practice much faster than we are putting AI security skills into the hands of people.”

It is not a people shortage, but a capability gap

One of the most significant conclusions emerging from the report is that India’s cybersecurity workforce issue has evolved beyond headcount.

“We have a lot of people in cybersecurity now,” says Lyne. “The real issue is capability — having professionals who can confidently respond when an incident happens in a live environment.”

The report highlights the disconnect between certifications and operational readiness. Among enterprises surveyed, 53% reported a lack of hands-on technical capability, 58% cited limited cross-domain expertise, 40% highlighted weak automation and scripting skills, and 35% reported a weak understanding of frameworks such as NIST and ISO.

Cybersecurity providers reported similar challenges: 66% identified limited hands-on capability as a delivery risk, 60% cited weak cross-domain expertise, and 51% pointed to communication and operational maturity gaps.

Perhaps the clearest indication of the widening talent challenge is hiring itself. According to the report, 73% of organisations reported difficulty finding candidates with the right cybersecurity skills for the roles they were trying to fill.

“That doesn’t necessarily mean there aren’t enough people,” Lyne says. “But finding people with the right skills to sit in that seat and actually do the job remains a significant challenge.”

According to Arindam Roy, Country Director – South Asia, SANS Institute, the Indian market has shifted rapidly over the last few years. “Three years ago, organisations were primarily trying to fill vacant positions. Now the focus has shifted toward capability-driven roles where depth of expertise matters far more.”

The shortage is particularly visible in emerging technology domains. The report found that 48% of the enterprises struggle to hire AI security professionals, 40% report shortages in security architects, 35% face hiring challenges in threat intelligence, and 35% struggle to recruit digital forensics specialists.

AI is changing the structure of cybersecurity teams

The report also points to a major shift in how cybersecurity operations are being organised.

As AI and automation increasingly handle repetitive monitoring and alert triage tasks, traditional entry-level SOC roles are beginning to shrink. According to the study, 68% of organisations report reductions in Level-1 security roles, 47% say AI has accelerated investigation and response, and 43% report growing demand for AI-augmented analysts.

However, SANS leaders caution that organisations must avoid weakening long-term talent pipelines in the process. “If we remove all the junior roles, we won’t have enough senior professionals later,” Lyne says. “We still need structured pathways that help people grow from junior to intermediate to advanced capability levels.”

The report also highlights significant gaps in entry-level readiness. Organisations reported that graduates often enter the workforce without exposure to real-world enterprise environments. Almost 26% of the organisations cited a lack of hands-on practice, and 22% said graduates lack familiarity with enterprise tools.

Roy emphasises that organisations need to move beyond compliance-driven approaches to cybersecurity capability building. “Operational readiness is not just about technology and process,” he adds. “It is people, process, and technology working together. If one part is missing, organisations will struggle during critical situations.”

CISOs are balancing AI threats, regulation, and board expectations simultaneously

The report also sheds light on the increasing pressures facing cybersecurity leaders across Asia-Pacific.

Suresh Mustapha, Managing Director, Asia Pacific – SANS Institute, describes the modern CISO role as one of the most demanding leadership positions in enterprise technology today. “CISOs are under three simultaneous pressures,” Mustapha says. “AI is accelerating attacks, regulations are becoming more fragmented, and boards want measurable proof of resilience.”

Mustapha points out that the challenge is intensified by the fragmented regulatory environment across Asia-Pacific, including India’s DPDP framework, Singapore’s MAS guidelines, and evolving privacy regulations across multiple jurisdictions.

The SANS report also points to growing stress and fatigue across cybersecurity teams globally. “A lot of security professionals are feeling overwhelmed,” Lyne avers. “The pace of attacks, AI disruption, compliance demands, and increased operational pressure are all contributing to that.”

To address this, Mustapha said organisations need to shift from reactive security models toward intelligence-led defence strategies focused on contextual threat intelligence, detection engineering, continuous red teaming, and proactive threat hunting. “It’s not about reacting faster,” he says. “It’s about being prepared before the attack happens.”

Critical infrastructure and AI security are becoming major focus areas

Vinayak Godse, CEO, DSCI, points out that the cybersecurity ecosystem is now being reshaped simultaneously by emerging technologies, evolving threats, and geopolitical tensions.

“The world is at a critical juncture from cybersecurity, privacy, and critical technology perspectives,” Godse reminds. “The skill-building efforts must be overhauled to future-proof incoming talent and reskill the existing workforce.”

Roy adds that India’s rapid growth across fintech, UPI ecosystems, ecommerce, and digital infrastructure makes capability-building increasingly important. “Wherever there is scale and sensitive data, there is the possibility of cyberattacks,” he warns. “India has immense talent, but we need to make that talent market-ready.”

SANS plans to significantly expand its India footprint over the next three to five years. The organisation has already trained around 6,000 professionals in India and currently supports roughly 3,000 active certifications in the country.

For SANS leaders, however, the long-term differentiator will not simply be access to AI tools or automation platforms. “When everyone has AI, the edge becomes human again,” Lyne concludes. “Critical thinking, operational readiness, and strong cybersecurity teams will continue to matter most.”