Indian businesses are rapidly embracing artificial intelligence, with over 80% already experimenting with autonomous systems and seeing strong returns on their investment. However, this fast-paced innovation is creating significant new risks. A recent Deloitte study reveals a major paradox: while companies are eager to adopt AI, an overwhelming 92% of Indian executives are deeply concerned about AI-related security threats and privacy violations, highlighting an urgent need to balance progress with protection.
The Double-Edged Sword of AI Adoption
The rush to implement AI is understandable. Nearly 70% of companies report that their AI projects are meeting or even exceeding their return on investment (ROI) expectations. This success is fueling a wave of adoption across the Asia-Pacific region, with India leading the charge.
But this momentum carries serious warnings. The same tools that drive efficiency and innovation can be exploited if not properly secured. The high level of concern among executives points to a growing awareness that the risks are real and potentially damaging to both businesses and their customers.
According to Jayant Saran, a partner at Deloitte India, building a foundation of safety is non-negotiable. He states, “Trust must be cultivated by enhancing resilience against security vulnerabilities and privacy risks while adapting to evolving regulations.”
Security Gaps and Regulatory Hurdles
As companies modernize, many are still struggling with fundamental security practices. The inconsistent use of multifactor authentication (MFA) continues to be a leading cause of data breaches, and formal governance structures for AI are often still in their infancy.
This situation is made more complex by new legal obligations. The recently introduced Digital Personal Data Protection Rules 2025 are putting immense pressure on security teams with strict new requirements.
Key challenges under the new rules include:
- Notifying regulators of a data breach within just six hours.
- Submitting a full, detailed report of the incident within 72 hours.
- Navigating the complexity of “consent managers,” a new type of intermediary that will handle citizen data and permissions.
Experts like Long warn that this regulatory expansion is already creating confusion. “Organizations will have to navigate this complexity without clarity from the government on how to coordinate reporting the same incident across four-plus different regulators with varying deadlines,” he says. Companies have a two-year window to prepare, which many will need simply to get their reporting workflows in order.
Preparing for Future Threats
While dealing with today’s issues, Indian Chief Information Security Officers (CISOs) must also look ahead to future dangers. One significant concern is the threat posed by quantum computing. This technology, once mature, could break most current forms of encryption.
Attackers are already anticipating this. In a “harvest now, decrypt later” scenario, hackers can steal encrypted data today and store it, waiting for the day they have a quantum computer powerful enough to crack it open. This long-term threat is a stark reminder that risk is constantly evolving, and security strategies cannot afford to remain static.
Modernizing the SOC with AI
To effectively combat both current and future threats, Indian organizations must fundamentally change their approach to security operations. The key lies in modernizing the Security Operations Center (SOC) by integrating AI into the core of detection and response systems.
However, technology alone is not enough. As Long emphasizes, “Maintaining robust cybersecurity hygiene is paramount.” This means diligently implementing critical controls like vulnerability management and multifactor authentication while also developing comprehensive threat detection capabilities.
The biggest roadblock may be the ongoing skills shortage. As India’s tech sector continues to expand, the demand for skilled cybersecurity professionals is outpacing supply. Companies must invest heavily in training, reskilling, and retention programs to build the expert teams needed to secure the future of AI in India. For innovation to truly succeed, cybersecurity must evolve even faster.
