India has emerged as one of the top three targets for ransomware attacks in the Asia-Pacific region during the first half of 2025, recording 21 incidents, according to a report by Cyble. The country ranked behind Taiwan and Singapore, with information technology, banking, financial services and insurance (BFSI), and manufacturing sectors being the most affected.
While ransomware dominates headlines, experts warn of deeper systemic vulnerabilities. IBM’s latest report revealed that the average cost of a data breach in India has risen to ₹22 crore, a 13 per cent increase from ₹19.5 crore in 2024. Organisations using AI and security automation reduced breach costs by more than half, yet 73 per cent reported limited or no deployment of such tools.
A major factor driving higher costs is “Shadow AI,” where employees use AI tools without IT or compliance oversight. IBM identified Shadow AI as one of the top three cost drivers in breaches, adding an average of ₹1.8 crore per incident. Less than half of organisations have policies to detect or manage it.
Governance remains a challenge, with nearly 60 per cent of organisations lacking an AI governance policy or still drafting one. Among those with policies, only a third have implemented enforcement technologies.
The problem extends beyond AI. A report by cybersecurity firm Infopercept found that 84 per cent of chief information security officers admitted they lacked complete visibility into vulnerabilities such as misconfigurations, unpatched systems, unprotected custom applications, and human error.
“Exposures are not attacks, but they are open doors for attackers. And most companies are leaving those doors wide open,” the report stated.
Highlighting the gap between cybersecurity operations and business priorities, Purvang Raval, AVP, product marketing at Infopercept, said, “You may have over 5,000 vulnerabilities in your environment, but in reality, only 50 of them matter most from a business risk point of view. The real gap is a lack of business context in cybersecurity decision-making.”
He further pointed out that organisations often fail at both “security with AI” and “security for AI” and stressed the importance of targeted employee education. “We’re not talking about basic awareness programmes. Gen Z employees, in particular, need to be educated—really educated—on AI risks and digital accountability,” he said.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter |The Mainstream formerly known as CIO News Whatsapp Channel | The Mainstream formerly known as CIO News Instagram
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
