Cybersecurity maturity in India surpasses regional average, says Palo Alto study

Palo Alto Networks, provider of AI-powered security solutions across network, cloud, security operations and AI, has published its 2025 Cybersecurity Resilience in Mid-Market Organisations report, based on a survey of 300 IT decision-makers in India. The study focused on mid-sized companies with 200 to 700 employees, representing a variety of sectors, including Information, Media & Telecommunications; Manufacturing; Financial & Insurance Services; Professional Services; Education & Training; and Health & Social Assistance.

Respondents included CIOs, CTOs, CISOs, senior non-technology managers, and direct reports to technology leaders. The report aims to provide insight into the current state of cybersecurity readiness and maturity in this segment.

The study found that India leads the Asia-Pacific and Japan (JAPAC) region with a cyber maturity score of 20.3 out of 25. While this suggests meaningful progress, the report notes that many organisations are still at an early stage in integrating AI into security workflows. Challenges persist, particularly in incident recovery and broader cyber resilience. Additionally, the management of multiple tools and fragmented environments continues to affect operational efficiency. The report suggests that addressing these issues may require a more unified, platform-based strategy that incorporates AI-driven capabilities.

“Cybersecurity is no longer just an IT concern, it is a business priority. As threats become more sophisticated and AI reshapes the threat landscape, our benchmark study shows that many mid-market organisations are still trying to keep pace,” said Michelle Saw, Vice President, Ecosystems, Asia-Pacific and Japan at Palo Alto Networks. “The findings are intended to help these organisations evaluate their position and identify areas for improvement. The report also underscores the increasing importance of partners, who must evolve their support to include education, integration, AI adoption, and technical expertise,” Saw added.

Key Findings – India

• India leads the JAPAC region with a cyber maturity score of 20.3 out of 25

• Cybersecurity budgets account for 13.0% of overall company revenue

• Investment in cybersecurity is expected to grow by over 10% in key areas: AI-specific capabilities (41.45%), security software (41.45%), and cyber insurance (39.14%)

• Currently, 69% of Indian organisations rely on partners for cybersecurity support, with this figure projected to rise to 77% within the next two years

Regional Insights – Asia-Pacific and Japan (JAPAC)

• Increasing reliance on partners: 79% of organisations expect to rely on partners for cybersecurity within two years, up from 53% today

• Growing budgets: 57% of organisations plan to increase cybersecurity spending in the next 12 months. Cybersecurity now accounts for 13.6% of total IT budgets, up from 6% in 2019

• AI readiness remains limited: Despite increasing investment, AI-related capabilities were among the lowest performing areas in current cybersecurity programmes

• Top priorities: Over the next 24 months, cloud security, identity and access management (IAM), and security information and event management (SIEM) are key areas for increased investment

• Inconsistent framework adoption: Implementation of NIST 2.0 scored lowest among five benchmark areas, highlighting a need for clearer guidance. Financial services, telecommunications, and utility sectors showed the strongest understanding and adoption of frameworks like NIST 2.0

“While mid-market organisations in the region have made measurable progress in improving their cybersecurity resilience, there remains significant opportunity for partners to offer targeted support, particularly in areas such as training, identity and access management, and data protection,” said Tim Dillon, Founder and Principal Analyst at Tech Research Asia.

The Cybersecurity Benchmark for Asia-Pacific and Japan, developed in collaboration with Tech Research Asia (TRA), surveyed more than 2,800 mid-sized organisations across 12 countries and various industries. The benchmark assessed five key dimensions: strategy execution, business integration, operational capabilities, solution maturity, and NIST 2.0 framework adoption. The regional average score was 19.01 out of 25, suggesting moderate maturity overall. However, the report highlights areas requiring improvement, particularly in AI readiness, ransomware defence, and the consistent implementation of recognised frameworks. The study was commissioned by Palo Alto Networks and completed in April 2025.