As cyber threats evolve at an unprecedented pace, security leaders are being urged to rethink traditional defence strategies and prepare for an era defined by artificial intelligence, identity-based attacks, regulatory complexity and the looming impact of quantum computing.
Gartner Security & Risk Management Summit 2026 in Mumbai set the tone for this shift, with analysts outlining the strategic priorities shaping the next phase of cybersecurity. From the need for post-quantum cryptography to the rise of AI-driven identity threats, the summit highlighted how organisations must rethink governance, resilience and technology investments to stay ahead of emerging risks.
Cybersecurity Spending in India Set to Cross $3.4 Billion
Cybersecurity investment in India continues to accelerate as organisations confront increasingly complex threats. According to new projections from Gartner, end-user spending on information security in India is expected to reach $3.4 billion in 2026, representing 11.7% growth over the previous year.
The increase reflects growing concerns around AI-driven cyberattacks, expanding digital operations and stricter regulatory frameworks such as the Digital Personal Data Protection Act.
Security software will remain both the largest and fastest-growing segment, projected to grow 12.4% in 2026, driven by demand for endpoint protection platforms, security information and event management (SIEM) systems, and cloud security solutions designed to address AI-specific risks.
At the same time, organisations are increasingly turning to managed security services to address talent shortages and rising threat complexity. Managed detection and response (MDR) services are expected to lead the growth in this category as enterprises seek scalable, cost-efficient approaches to strengthening their security posture.
CISOs Confront a New Cybersecurity Reality
Opening the summit keynote, Wam Voster, VP Analyst at Gartner, emphasised that chief information security officers must rethink traditional approaches to cyber risk in a world shaped by geopolitical tensions, AI-driven innovation and regulatory uncertainty.
He outlined three strategic themes defining cybersecurity priorities for 2026:
Transform governance: Organisations must evolve governance frameworks to address emerging risks, regulatory mandates and enterprise-wide accountability for cyber resilience.
Secure new frontiers: The rapid adoption of technologies such as quantum computing and AI agents introduces new attack surfaces that require proactive defence strategies.
Normalize AI adoption: As AI becomes embedded across business operations, organisations must integrate robust security oversight and governance mechanisms to manage associated risks.
“Amid regulatory volatility and broad geopolitical, technological and organisational forces, CISOs must reassess how they approach cyber risk management, resilience and resource allocation,” Voster said, urging leaders to evaluate each trend strategically and determine whether to adopt, monitor or deprioritise it.
Preparing for the Quantum Threat
One of the most urgent themes emerging from the summit is the approaching disruption posed by quantum computing.
In a dedicated session on post-quantum security, Sarah Almond, Director Analyst at Gartner, warned that current encryption methods could become vulnerable within this decade as quantum capabilities mature.
“Advances in quantum computing will make conventional asymmetric cryptography unsafe to use by 2030,” Almond said, highlighting the growing risk of “harvest now, decrypt later” attacks in which adversaries steal encrypted data today with the intention of decrypting it once quantum technology becomes powerful enough.
To address this challenge, Gartner recommends that organisations begin preparing immediately by embedding post-quantum security into long-term cybersecurity roadmaps. This includes identifying where cryptography is used across the enterprise, enabling crypto-agile systems that allow rapid algorithm upgrades, and launching proof-of-concept projects with quantum-resistant encryption technologies.
Almond also stressed the importance of establishing cross-functional collaboration through cryptography centres of excellence that can coordinate enterprise-wide migration strategies.
Identity Threats Rise in the Age of AI
Identity-based attacks are rapidly emerging as one of the most critical cybersecurity challenges facing organisations. Credential theft, deepfake-enabled fraud and AI-driven impersonation are expanding the attack surface and forcing security leaders to rethink identity protection strategies.
According to Shailendra Upadhyay, Senior Principal at Gartner, identity threat detection and response (ITDR) is quickly becoming a central focus for CISOs as enterprises transition toward identity-first security models.
At the same time, the rise of agentic AI systems introduces a new category of digital identities that require governance. Autonomous AI agents interacting with enterprise systems create complex challenges for traditional identity and access management frameworks.
To mitigate these risks, Gartner analysts recommend developing policy-driven identity governance models that address both human users and machine actors, while implementing automated credential lifecycle management to ensure secure access control.
From Compliance to Cyber Resilience
Regulatory changes are also reshaping cybersecurity strategies worldwide. The implementation of India’s Digital Personal Data Protection Act alongside evolving global AI and cybersecurity regulations is increasing compliance complexity and placing new accountability pressures on boards and executives.
Alex Michaels, Director Analyst at Gartner, noted that cybersecurity leaders must move beyond an IT-centric compliance mindset and position security as a strategic enabler of business innovation.
Organisations are being encouraged to establish stronger collaboration between security, legal, procurement and business teams to ensure shared accountability for cyber risk and regulatory compliance.
A Strategic Shift for Security Leaders
The overarching message from Day 1 of the summit was clear: cybersecurity is no longer a purely technical discipline but a strategic business function.
As AI adoption accelerates, regulatory expectations grow and quantum computing edges closer to reality, organisations must adopt more adaptive and forward-looking security strategies.
For CISOs, the challenge is not simply defending against today’s threats but preparing their organisations for a future where the boundaries between technology innovation and cybersecurity risk continue to blur.
