In its latest announcement, Fortinet shared the results of a 2025 IDC study illustrating how Indian organisations are embracing AI as a key pillar of their cybersecurity strategy. Conducted on Fortinet’s behalf, the IDC research highlights that AI has transcended its early hype to become essential for achieving speed, precision, and scale—fundamentally transforming talent acquisition, investment focus, and team architecture in modern cyber defence. 

How AI Is Redefining the Future of Cybersecurity  

AI has become both a shield and a sword in today’s cybersecurity landscape. It enables defenders to detect threats faster, respond with precision, and manage intelligence at scale. Yet, attackers are using AI to their advantage—creating more stealthy and adaptive campaigns. As the IDC study shows, 72% of Indian organisations faced AI-enabled attacks over the past year, with 70% witnessing a twofold and 12% a threefold increase in incidents. Such threats are increasingly difficult to identify, often exploiting lapses in governance, visibility, and internal processes. 

From Experiment to Execution: AI Adoption Gains Full Momentum  

For most Indian organisations, AI is no longer experimental—it’s embedded in daily security operations. Over 90% have adopted AI tools, evolving from basic detection to advanced use cases including automated and guided response, predictive threat analysis, behavioural monitoring, and AI-based threat intelligence. This reflects a maturing approach where detection is foundational, but prediction and orchestration now define competitive capability. 

Generative AI is gaining steady ground in lighter applications such as updating security rules, managing playbooks, and identifying social engineering attempts. However, confidence in full automation remains low; autonomous remediation and guided recovery are still rare, indicating that AI is currently functioning as a trusted “co-pilot” rather than a solo operator. 

From Building Blocks to Brainpower: The Next Phase of Cyber Investment  

Cybersecurity funding continues to climb, with 82% of organisations reporting budget increases. Yet, the rise remains conservative—64% note less than a 5% uplift and 18% between 5–10%. This pattern reflects a disciplined approach, as organisations concentrate on sustaining operations and talent rather than expanding infrastructure. The key focus areas for the next 12–18 months—identity security, network security, SASE/Zero Trust, cyber resilience, and cloud-native application protection—illustrate a decisive pivot toward intelligent, risk-based investment strategies tailored to the modern threat environment. 

Stretched Thin: Security Teams Battle Growing Demands with Limited Support 

Even as cybersecurity gains executive visibility, many organisations are struggling with insufficient resourcing and focus. Just 6% of the overall workforce is assigned to IT, and only 13% of that group focuses on cybersecurity. Less than one in six companies have a dedicated CISO, and only 6% maintain specialised security operations and threat-hunting teams. 

This shortage of skilled, purpose-built capacity is straining performance. More than half of organisations are facing a sharp rise in threats, compounded by tool complexity and difficulties retaining talent. The resulting burnout and inefficiency point to an urgent need for smarter allocation models and sustained investment in specialised cybersecurity capabilities.