New Delhi: Artificial intelligence is set to lead cybersecurity investment and strategy for Indian organisations over the next year, according to PwC’s 2026 Global Digital Trust Insights survey. From budget allocations to addressing skill shortages, AI now sits at the centre of how businesses plan to strengthen defence capabilities in an increasingly complex threat landscape.
The global study surveyed 3,887 business and technology executives between May and July 2025. The India edition highlights responses from 138 senior leaders across Indian enterprises.
Cyber Gaps Persist Despite Progress
While organisations are more aligned at the executive level on cyber priorities, several critical vulnerabilities remain. Less than or roughly half of respondents say they are “very capable” of addressing issues such as unpatched software updates (57%), weak authentication controls (55%), insufficient endpoint visibility (55%), supply chain vulnerabilities (52%), connected-device risks (49%), inadequate network architecture (48%), and legacy systems (45%).
Sundareshwar Krishamurthy, Partner and India Cyber Leader, PwC India, said, “India’s cybersecurity posture is evolving rapidly, driven by executive alignment and a growing recognition that cyber is central to business strategy. With 72% of organisations prioritising cyber risk at the board level, the shift from reactive defence to intelligence-led resilience is well underway. AI, cloud security, and managed services are now core to India’s cyber investment agenda. However, resilience demands foresight. Organisations remain underprepared to tackle third-party breaches and quantum threats, two of the most pressing risks in today’s digital ecosystem. The persistent talent gap further complicates execution, especially in areas like AI-enabled defence and quantum cryptography. Looking ahead, the organisations that will lead are those embedding cybersecurity into core decision-making, aligning budgets to emerging risks, and building teams capable of anticipating not just reacting to threats. Resilience will come from foresight, not hindsight.”
AI Leads Budget Priorities
Cybersecurity budgets continue to expand, though at a steadier pace compared to last year. Among Indian organisations surveyed, 87% expect their cyber budgets to grow in 2026, with nearly one-third planning to increase spending by over 10%. While this marks a slight dip from last year’s 93%, it remains a strong indicator of continued investment.
AI is the top priority for new spending, with 46% planning to invest in AI capabilities over the next 12 months—ahead of cloud security (33%) and managed cyber services (28%). More than half (60%) are prioritising AI-driven threat hunting, followed by newer capabilities such as agentic AI (47%).
Cyber Risk Quantification Gains Ground
As threats intensify, more organisations are quantifying cyber risks financially. Half of Indian respondents now use cyber risk quantification to measure potential financial impact to a significant extent.
This shift is driven in part by the rising cost of breaches: 25% of organisations report that their most damaging breach in the past three years exceeded US $1 million, with exposure particularly high (45%) among companies with revenues above $5 billion.
Skills Shortages Slow AI and Cyber Defence Adoption
Talent gaps continue to hinder cybersecurity advancement. Over the past year, 60% of respondents cited a lack of knowledge in applying AI for cyber defence, while 50% pointed to a shortage of relevant skills as key internal challenges.
Beyond AI, skills shortages also impact operational technology (OT) and industrial IoT security, where 55% of leaders point to lack of qualified personnel as a major barrier.
To overcome these constraints, organisations are prioritising investment in AI and machine learning tools (61%), consolidation of cyber tools (51%), security automation (49%), and workforce reskilling and upskilling (49%).
Quantum Risks Rising, But Preparedness Remains Low
Quantum technologies are emerging as a major risk category, yet most organisations remain unprepared. Quantum-related threats rank just behind third-party breaches (18%), ransomware (13%), cloud-related threats (12%), and connected product attacks (8%) in perceived risk.
Still, nearly 40% of organisations have not begun implementing quantum-resistant security measures, citing limited understanding of post-quantum risks, resource constraints, and competing priorities.
