AI-driven cyber threats rise across Indian organisations

A growing number of organisations in India are encountering cyber threats linked to artificial intelligence (AI), including deepfake-driven attacks and AI-generated misinformation, according to the 2026 Data Threat Report released by Thales Group.

The report, based on research conducted by S&P Global’s 451 Research unit, found that 65 per cent of organisations in India surveyed reported experiencing deepfake-related incidents, while 55 per cent said they had faced reputational damage linked to AI-generated misinformation. At the same time, 64 per cent of respondents in India ranked AI-enabled attacks as their leading data security risk, compared with 70 per cent globally.

As organisations integrate AI into business operations, the technology is increasingly being granted broad access to enterprise data across multiple systems. Analysts say this shift is introducing new vulnerabilities while amplifying existing cyber threats.

“AI adoption is accelerating rapidly, and with it the scale and sophistication of cyber threats,” said Ankur Kanaglekar, Vice President for India at Thales Group. He noted that the growing use of AI has contributed to the rise of next-generation attacks, particularly deepfakes.

“When identity governance, access policies or encryption frameworks are weak, AI can amplify those weaknesses across corporate environments far faster than any human ever could,” he said.

Visibility Gaps and Data Exposure

The report also highlights a gap between the adoption of AI and organisations’ ability to manage and protect data effectively. Only 35 per cent of organisations in India reported having full visibility into where their data is stored, while 36 per cent said they could fully classify their data.

Globally, nearly half of sensitive cloud data, around 47 per cent, remains unencrypted. Limited visibility into data across cloud and software-as-a-service environments makes it more difficult for organisations to enforce strict access controls, increasing exposure when credentials are compromised.

Identity infrastructure has emerged as a major point of vulnerability. Credential theft remains the leading attack technique against cloud management infrastructure, cited by 68 per cent of organisations in India that experienced cloud-related attacks.

At the same time, managing digital credentials and machine identities is becoming more complex. Around 44 per cent of organisations in India identified secrets management, including the control of API keys, tokens and machine credentials, as a major application security challenge.

AI Intensifying Existing Cyber Risks

The report notes that while organisations are deploying AI to enhance efficiency and automation, cybercriminals are also adopting the technology to improve the scale and credibility of attacks.

Deepfake technology, for example, can be used to impersonate executives or employees, making phishing and identity-based attacks more convincing. Globally, 60 per cent of organisations surveyed reported experiencing deepfake-related incidents.

Human error continues to contribute significantly to security breaches. In India, the report estimates that around 26 per cent of breaches involve human mistakes. With AI-driven automation increasingly integrated into enterprise systems, such errors can spread more quickly and affect a larger number of systems.

Security Investment Struggling to Keep Pace

Although organisations recognise the growing risks associated with AI, investment in AI-focused security measures is progressing slowly. Around 30 per cent of organisations globally, including those in India, have established dedicated budgets for AI security.

However, the majority, 53 per cent of organisations in India, continue to rely on existing security budgets and frameworks originally designed to protect traditional IT environments and human users.

Eric Hanselman, Chief Analyst at S&P Global 451 Research, said the rapid integration of AI into enterprise operations requires organisations to rethink their security strategies.

“As AI becomes deeply embedded into enterprise operations, continuous data visibility and protection are no longer optional,” he said. “Organisations must treat data security strategy as foundational to innovation, not separate from it.”

Rethinking Security for an AI-Driven Environment

Security experts say that as AI systems gain broader access to corporate data and operational systems, organisations must place greater emphasis on identity governance, encryption and data visibility.

Rather than replacing traditional cyber threats, AI is intensifying them by increasing their speed, scale and reach. As a result, companies are being urged to adapt their security frameworks to account for automated systems that can authenticate, access and act within enterprise networks.

Analysts say organisations that incorporate stronger governance, encryption and identity controls into their AI strategies will be better positioned to manage emerging cyber risks while continuing to adopt new technologies.