Indian businesses are among the most aggressive adopters of AI in the Asia-Pacific region. More than 80% are experimenting with autonomous agents, and nearly 70% say their AI initiatives are hitting or exceeding ROI expectations, according to recent Deloitte research.
But that momentum comes with serious caveats.
Security is a major sticking point: 92% of Indian executives express concern over AI-related threats, with a nearly equal number citing privacy as a top worry. The tools are powerful — but the risks are real.
“Trust must be cultivated by enhancing resilience against security vulnerabilities and privacy risks while adapting to evolving regulations,” says Jayant Saran, partner at Deloitte India.
Security Posture Falling Behind
As businesses modernize, familiar weaknesses are still proving costly. Inconsistent use of multifactor authentication remains a top contributor to breaches, and many organizations are only beginning to formalize governance structures around AI.
Layer on new legal and regulatory obligations, and security teams are feeling the strain. The recently introduced Digital Personal Data Protection Rules 2025 impose strict reporting timelines, including notifying regulators of a breach within six hours and submitting full details within 72.
The framework also creates a new layer of complexity with the introduction of “consent managers” — intermediaries that store citizen data and facilitate permission management.
Long says the regulatory sprawl is already causing headaches.
“Organizations will have to navigate this complexity without clarity from the government on how to coordinate reporting the same incident across four-plus different regulators with varying deadlines,” he says.
Security teams now have a two-year transition period to prepare — a window that many will need just to align reporting workflows and staff training.
Preparing for Tomorrow’s Threats
While today’s issues dominate the agenda, Indian CISOs are also casting an eye to the horizon. One looming concern: the future impact of quantum computing. In a “harvest now, decrypt later” scenario, attackers could steal encrypted data today with plans to crack it once quantum capabilities emerge.
It’s a reminder that risk isn’t static — and neither can security strategy be.
The SOC Must Modernize — With AI at Its Core
To meet current and future threats head-on, organizations in India need to rethink their approach to security operations.
Modernizing the Security Operations Center (SOC) — both technologically and operationally — is key. That means embedding AI into detection and response workflows, but also investing in the people who will run them.
“Maintaining robust cybersecurity hygiene is paramount,” Long says. “That includes diligent implementation of critical controls like vulnerability management and multifactor authentication — but also developing comprehensive threat detection and response capabilities.”
Skills remain a limiting factor. As India’s tech sector grows, companies must ramp up training, reskilling, and retention programs to build the talent pipeline needed for long-term resilience.
The future of AI in India is bright. But for innovation to thrive, cybersecurity must evolve just as quickly — if not faster.
