As India’s cyber threat landscape grows increasingly complex, organisations are struggling to fill critical security roles. According to ISACA’s survey, 40 per cent of India-based cybersecurity teams are understaffed and 68 per cent have unfilled positions, pointing to a deepening talent crunch even as cyber risks mount.
The survey found a concerning trend: fewer Indian enterprises are training non-security employees to transition into cybersecurity roles. Only 34 per cent of organisations now offer such training, a sharp decline from 50 per cent last year. Despite this, 39 per cent of respondents said that more than half of their current cyber workforce had originally transitioned from other disciplines.
“India’s cybersecurity landscape is at a pivotal point, with rising demand for skilled experts to navigate a complex threat landscape, in the midst of persistent talent shortages and underinvestment in staff training, which leave enterprises vulnerable,” said RV Raghu, ISACA India Ambassador and Director, Versatilist Consulting India.
“To defend against today’s sophisticated threats, organisations must invest not only in advanced technologies but also in developing adaptable, well-supported cybersecurity teams,” he added.
Hiring Challenges, Talent Retention Woes
The report revealed persistent recruitment hurdles, with 38 per cent of Indian respondents saying it takes three to six months to hire for entry-level roles and 42 per cent citing similar timelines for mid- or senior-level positions. Over 55 per cent of organisations admit to struggling with retention, while a vast majority (83 per cent) expect demand for technical cybersecurity professionals to rise—higher than the global average of 70 per cent.
On the positive side, fewer Indian respondents view their cybersecurity budgets as underfunded, down to 42 per cent from 57 per cent last year. Moreover, 65 per cent expect their budgets to increase, compared with just 41 per cent globally.
Adaptability and Soft Skills Take Centre Stage
As cyber threats evolve, employers are prioritising adaptability and hands-on experience. In India, 76 per cent of respondents said prior cybersecurity experience is the top qualification, followed closely by adaptability (73 per cent).
Soft skills are also emerging as a key differentiator. Critical thinking (55 per cent), problem-solving (52 per cent), and communication (51 per cent) were identified as the most critical yet often lacking capabilities among cybersecurity professionals.
AI Takes Bigger Role in Cybersecurity Operations
Artificial Intelligence is rapidly reshaping cybersecurity functions. Half of Indian respondents reported contributing to AI governance, up from 31 per cent last year, while 46 per cent are now involved in AI implementation, up from 29 per cent.
The primary use cases for AI in security operations include automated threat detection and response (42 per cent), endpoint security (37 per cent), and routine task automation (33 per cent), indicating growing reliance on AI to bridge skill and speed gaps.
Stress and Burnout Intensify Amid Rising Threats
The report paints a sobering picture of workplace stress. Nearly six in ten (59 per cent) cybersecurity professionals in India say their job is more stressful now than five years ago. The top causes of stress include the complex threat landscape (60 per cent), limited career progression (48 per cent), and inadequate financial incentives (45 per cent).
Exploited vulnerabilities remain the top attack vector (52 per cent) for Indian organisations, followed by ransomware (48 per cent) and denial of service attacks (38 per cent). Around 27 per cent report an increase in attacks this year, while 25 per cent believe a cyberattack on their organisation is “likely or very likely” within the next year. |
