Fortinet revealed the results of a recent IDC survey, which shows that cyber attacks in India and the Asia Pacific area have sharply increased in both volume and sophistication. According to the Fortinet-commissioned report, attackers are using artificial intelligence (AI) at a quick pace to scale fast-moving, covert assaults, making it difficult for security teams to identify and react in time. The findings show that the threat picture is becoming more complicated and moving toward holes in infrastructure, visibility, and governance, which will make things more difficult for overworked cyber teams.
The majority of businesses have seen that AI has joined the attacker’s arsenal.
It is no longer just a theory that cybercrime will increase due to AI. In the last year, about 72% of Indian organizations reported coming across cyberthreats driven by artificial intelligence. These dangers are growing quickly; 70% of organizations report a 2X rise, and 12% report a 3X increase.
This new breed of AI-powered attacks is more difficult to identify and frequently takes advantage of flaws in identification systems, setups, and human behavior. The most common AI-driven threats in India include automated reconnaissance of attack surfaces, AI-generated phishing emails, Deepfake Impersonation in Business Email Compromise (BEC), AI-powered malware (Polymorphic malware), and AI-assisted credential stuffing and brute force assaults.
Just 14% of organizations believe they are highly confident in their capacity to fight against AI-driven assaults, despite the fact that these attacks are becoming more frequent. A considerable readiness gap is shown by the fact that 21% of Indian organizations are unable to track AI-powered risks at all, while 36% acknowledge that AI dangers are surpassing their detection skills.
Nowadays, cyber risk is a constant rather than an emergency.
The cybersecurity environment is now characterized by ongoing exposure rather than sporadic catastrophes. Indian organizations are becoming more and more exposed to covert dangers. The most often reported threats include ransomware (44%), cloud vulnerabilities (60%), phishing (54%), unpatched and zero-day exploits (50%) and software supply chain assaults (64%).
The risks that cause the most disruption are no longer the most evident. Unpatched and zero-day exploits are at the top of the list, closely followed by human mistake, software supply chain assaults, insider threats, and cloud setup errors. Because they frequently evade detection by conventional defenses and take advantage of internal vulnerabilities and visibility holes, these attacks are very harmful. Because of this, these less obvious, more complicated hazards are now thought to be more harmful than well-known ones like phishing or ransomware.
Because of more established defenses like endpoint protection and awareness training, traditional threats like malware and phishing are still expanding at a relatively low pace of about 10%. On the other hand, the risks that are increasing the quickest include supply chain assaults (18%), insider threats (16%), cloud vulnerabilities (12%), ransomware (22%), and IOT/OT attacks (12%). These risks are growing quickly because they take advantage of weaknesses in visibility, governance, and system complexity, which makes them more difficult to identify and, if successful, possibly more harmful.
Downtime is no longer the only penalty. The following are the top business repercussions of cyberattacks: operational interruption (42%), regulatory fines (46%), loss of consumer trust (50%), and data theft and privacy breaches (60%). There is actual financial harm as well: 56% of respondents reported breaches that led to financial loss, with one in five of those breaches costing more than $500,000.
Under Pressure Teams: Too Few Members, Too Many Issues
India’s security forces still struggle with a lack of resources. Only 7% of employees work in internal IT on average, and only 13% of those employees are focused on cybersecurity. This means that for every 100 employees, there is fewer than one full-time cybersecurity specialist.
The majority of organizations (63%) still integrate cybersecurity duties with more general IT jobs, and just 15% have a Chief Information Security Officer (CISO) working alone. For tasks like threat hunting and security operations, just 6% of organizations employ specialized teams.
The increase in threats is also putting increasing strain on these thin teams. Burnout and dispersion within cyber teams are caused by the main difficulties, which include overwhelming threat volume (54%), trouble retaining competent cybersecurity professionals (52%), and tool complexity (44%).
Despite an increase, investment is still trailing risk.
Investment in cybersecurity is still disproportionately low, despite growing awareness. Given the size and seriousness of the risks, cybersecurity often receives just 15% of IT expenditures, or slightly more than 1.4% of overall revenue. Nonetheless, budgets are gradually increasing; in India, almost 80% of organizations report an increase. The majority of these gains, meanwhile, are still below 10%, indicating that investment is still cautious.
Businesses are spending less on infrastructure and more on more strategic expenditures. A move toward access-centric, risk-based security planning is seen in the top five priorities, which include identity security, network security, SASE/Zero Trust, cyber resilience, and cloud-native application protection.
But there is also a chronic lag in tackling operational and human-layer risks, as seen by the minimal financing allocated to crucial areas like OT/IoT security, DevSecOps, and security training.
Platform-Based Resilience in the Face of Increasing Complexity According to 88% of Indian respondents, security and networking are now widely convergent or actively weighing their alternatives. This action demonstrates how urgent it is to unify defenses, simplify architectures, and expedite operations.
Although there are still obstacles to overcome, 74% of organizations are already in the process of consolidating. Notwithstanding these advancements, about 50% of all respondents still list tool administration as a significant obstacle, suggesting that the issue is not so much the quantity of tools as it is their disarray and lack of integration. Vendor consolidation is becoming more widely recognized as a strategic tool for boosting visibility, problem solving, and detection speed in addition to cost savings. Faster support (59%), financial savings (53.1%), greater integration (53%), and enhanced security posture (51%), are the top benefits that organizations look for when they consolidate.
Quotations to Support
“The findings of this survey point to a growing need for AI-accelerated defence strategies across APJC. Organisations are facing a surge in stealthy, complex threats—from misconfigurations and insider activity to AI-enabled attacks—that bypass traditional detection methods. A shift toward integrated, risk-centric cybersecurity models is critical to staying ahead. In this new threat landscape, reactive security is no longer enough—predictive, intelligence-driven operations must become the norm.”
– Simon Piff, Research Vice-President, IDC Asia-Pacific
“Complexity is now the new battleground in cybersecurity, and AI is both the challenge and the frontline defence. As threats grow quieter and more coordinated, Fortinet is helping organisations across India stay ahead with a unified, platform-based approach that brings together visibility, automation, and resilience. In today’s threat environment, speed, simplicity, and strategy matter more than ever. Our focus is on helping customers shift from piecemeal defences to AI-powered security that’s built for scale and sophistication.”
– Vivek Srivastava, Country Manager, India & SAARC, Fortinet
“As cyber threats grow more covert and coordinated, we’re seeing a clear shift in how organisations approach cybersecurity investment. The focus is moving beyond infrastructure to more strategic areas like identity, resilience, and access. At Fortinet, we’re helping customers reframe cybersecurity as a long-term business enabler, not just a line of defence. Our platform brings the scale, intelligence, and simplicity needed to adapt and thrive in this new reality.”
– Rashish Pandey, Vice President of Marketing and Communications, Asia & ANZ, Fortinet
Also read:Â Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter |The Mainstream formerly known as CIO News Whatsapp Channel | The Mainstream formerly known as CIO News Instagram
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
