Fortinet survey reveals up to 3X surge in AI-powered threats across India

Fortinet, a global provider in cybersecurity driving the convergence of networking and security, today announced the findings of a new IDC survey, which reveals a sharp rise in both the volume and sophistication of cyber threats across India and the wider Asia Pacific region. Commissioned by Fortinet, the study highlights the growing use of artificial intelligence (AI) by attackers to launch stealthy, fast-moving attacks, leaving security teams struggling to respond effectively. The evolving threat landscape is marked by increased complexity, visibility gaps, and overstretched cyber teams facing mounting challenges. 

AI joins the attacker’s arsenal and most organisations have felt the impact

AI-driven cybercrime is no longer a future concern, it is already affecting organisations across India. According to the survey, 72% of Indian businesses have experienced AI-powered cyber threats within the past year. Notably, 70% of these organisations reported that such threats had doubled in frequency, while 12% observed a threefold increase. These AI-enabled attacks are especially difficult to detect, as they often exploit human error, system misconfigurations, and weaknesses in identity and access management systems.

The most common forms of AI-driven threats reported in India include AI-assisted credential stuffing and brute-force attacks, deepfake impersonation used in business email compromise (BEC), polymorphic malware that constantly evolves to evade detection, automated reconnaissance of attack surfaces, and AI-generated phishing emails. Despite the scale and sophistication of these threats, only 14% of organisations feel very confident in their ability to defend against them. Furthermore, 36% acknowledge that these threats are surpassing their detection capabilities, and 21% are unable to track AI-powered threats at all revealing a significant gap in preparedness.

Cyber risk is now constant not just a crisis

The cybersecurity landscape has shifted from dealing with isolated incidents to managing persistent and evolving risks. Indian organisations are increasingly vulnerable to threats that operate silently and remain undetected. The most frequently reported types of attacks include software supply chain compromises (64%), cloud vulnerabilities (60%), phishing (54%), unpatched and zero-day exploits (50%), and ransomware (44%).

However, the most damaging threats are not always the most visible. Unpatched software, insider threats, cloud misconfigurations, and human error now rank among the most disruptive risks, as they often bypass traditional security defences and exploit internal weaknesses. While more conventional threats like phishing and malware continue to grow at a moderate pace of approximately 10% likely due to the widespread adoption of endpoint security tools and employee training programmes more complex and difficult-to-detect threats are surging. These include ransomware (22%), supply chain attacks (18%), insider threats (16%), cloud vulnerabilities (12%), and IoT/OT attacks (12%), all of which take advantage of gaps in governance, visibility, and system integration.

Cyberattacks are increasingly impacting business continuity and reputation. The most common consequences reported by Indian organisations include data theft and privacy violations (60%), loss of customer trust (50%), regulatory penalties (46%), and operational disruption (42%). Financial losses are also on the rise. More than half (56%) of surveyed organisations experienced breaches that resulted in financial loss, with one in five incurring costs exceeding US$500,000.

Security teams are under pressure: Too few people, too many problems

Indian security teams remain under-resourced and overstretched. On average, only 7% of an organisation’s workforce is allocated to internal IT functions, and just 13% of that group focuses on cybersecurity, amounting to fewer than one dedicated cybersecurity professional per 100 employees. Only 15% of organisations have a dedicated Chief Information Security Officer (CISO), while a majority (63%) continue to assign cybersecurity responsibilities to broader IT roles. Furthermore, just 6% of organisations have specialised teams for key security operations, such as threat hunting and incident response.

This resource shortfall is taking a toll. The leading challenges reported by cybersecurity teams include the sheer volume of threats (54%), difficulty in retaining skilled professionals (52%), and the complexity of security tools (44%). These pressures are contributing to staff burnout and fragmented security operations.

Investment is increasing, but not fast enough

Although awareness of cyber risk is rising, investment levels have not kept pace with the growing threat landscape. On average, only 15% of IT budgets in Indian organisations are allocated to cybersecurity, representing just 1.4% of overall revenue. Nearly 80% of respondents report an increase in cybersecurity spending, yet most of these increases remain below 10%, indicating a cautious approach to investment.

Nevertheless, a shift in priorities is underway. Organisations are moving away from infrastructure-heavy expenditure toward more strategic, risk-based investments. The top five areas of focus include identity security, network security, Secure Access Service Edge (SASE) and Zero Trust architectures, cyber resilience, and cloud-native application protection. However, other critical domains, such as OT/IoT security, DevSecOps, and cybersecurity training, continue to receive inadequate funding, exposing persistent vulnerabilities in both operations and human factors.

Platform-based resilience in an era of complexity

As cybersecurity threats grow more complex, Indian organisations are increasingly adopting a platform-based approach that integrates networking and security functions. An overwhelming 88% of respondents have either already embarked on this convergence journey or are actively evaluating it. This reflects the urgent need to simplify IT architectures, improve threat detection, and streamline operational workflows.

While 74% of organisations are already consolidating their security tools, nearly half still struggle with tool management indicating that the issue is no longer just about tool sprawl, but about fragmentation and poor integration. Vendor consolidation is now seen as a key strategic lever not only for cost reduction but also for improving response times, system integration, and overall visibility.

The top benefits organisations seek from consolidation include faster support (59%), reduced costs (53%), better integration of tools (53%), and an enhanced overall security posture (51%). This move toward consolidation and platform-based resilience reflects a broader shift in how Indian businesses are approaching cybersecurity in the face of escalating threats.