Nine out of ten organisations in India reported facing AI-related security incidents in the past year, according to a new report by Cisco. While artificial intelligence is becoming a go-to technology for defending systems, the same tools are increasingly being turned against the very companies using them.
The findings raise fresh concerns around how Indian businesses are navigating the fast-evolving cyber threat landscape—one where AI is both protector and potential saboteur.
Most Indian organisations are turning to AI for cybersecurity: 96% use it to understand threats, 88% for detection, and 77% for recovery. But here’s the catch—only 66% say their employees fully understand the risks tied to AI, and just 63% believe their teams know how attackers can manipulate the same technology.
That mismatch could be costly.
The report points to a significant awareness gap that’s exposing businesses to avoidable vulnerabilities. Shadow AI—systems deployed without IT’s knowledge—and unchecked use of public generative AI platforms are making matters worse. About 28% of employees reportedly have open access to such tools, while 43% of IT teams are unaware of how staff are using them.
Another telling finding: only 7% of Indian firms have achieved a “Mature” level of cybersecurity readiness. That’s slightly better than last year’s 4%, but still not reassuring when you consider the scale of threats businesses are facing.
Most organisations continue to operate in highly fragmented security environments. A whopping 84% admitted that depending on too many separate tools is actually slowing down their ability to respond to attacks. And with hybrid work becoming the norm, unmanaged devices have opened up yet another weak spot. Around 90% of companies flagged them as a rising risk.
Despite rising concern, cybersecurity spending appears to be slipping. Only 54% of organisations said they now spend more than 10% of their IT budgets on security—down from 61% a year ago. That decline is especially worrying given the expanding digital attack surface.
Then there’s the talent crunch. A vast 92% of firms say they’re struggling with a shortage of skilled cybersecurity professionals. Around 65% reported having over ten vacant cybersecurity roles. It’s a gap that doesn’t look like it’ll close anytime soon.
Looking ahead, 81% of Indian organisations expect cyber incidents to disrupt their business over the next 12 to 24 months. Whether that’s through data breaches, downtime, or reputational hits, the forecast is far from sunny.
Samir Kumar Mishra, director of Cisco’s Security Business for India and SAARC, said the scale and sophistication of cyberattacks now threaten more than just data—they risk grinding operations to a halt and eroding customer trust.
He says firms may need to rethink their approach and shift towards more unified, AI-driven platforms that automate defence mechanisms. But he also pointed to the need for tighter control over device usage, better AI awareness, and above all, a solution to the talent shortfall.