Site Search Site Search

Menu

Menu

Menu

Menu

Featured

Catalysing new value streams in oil and gas with agentic AI

IT services as a value multiplier in global capability centres

Catalysing intelligent autonomy to empower businesses

Loading Results

New world, new rules: Cybersecurity in an era of uncertainty

2026 Global Digital Trust Insights: C-suite playbook and findings – India edition 

Overview

Indian organisations are investing significantly in cybersecurity—with 72% of leaders prioritising cyber risk in their strategic plans. However, only a small fraction are fully equipped to handle the emerging threats. This gap isn’t a sign of weakness but a call for strong leadership. It reminds us that resilience comes from tackling risks head-on, not avoiding them.  Nearly 60% of Indian organisations say they are spending more on proactive cybersecurity measures, and 47% are looking to prioritise agentic AI as one of the top AI security capabilities over the next 12 months. The emergence of AI and quantum computing is changing how we engage with threats. These technologies are here to revolutionise how we defend, detect, and respond to threats. But they also demand new skills. The ongoing shortage of cyber talent, complexity of third-party risks, and changing landscape of the digital age urge us to rethink how we lead, govern, and innovate.  

While Indian businesses are making progress, significant challenges remain.

For one, quantum threat readiness is lagging. Though quantum computing is one of the top three threats, 40% of organisations in India have not yet considered or not started implementing quantum-resistant security measures. Further, only 5% are prioritising these measures in their budgets. Third-party breaches are another top unaddressed risk, with 18% of India’s business leaders ranking them as the threat they are least prepared to handle due to limited visibility into vendor practices and fragmented governance. 

 

Key themes

Risk and threat landscape

Risk and threat landscape: Geopolitics is reshaping cyber vulnerabilities

Risk and threat landscape

Cyber strategy and operations: Where investment meets impact

Risk and threat landscape

AI in cybersecurity: From promise to priority

Risk and threat landscape

Quantum computing readiness: Preparing for next-level threats

Risk and threat landscape

Cyber talent and skills: Managed services move to the front line

Risk and threat landscape

C-suite playbook: From uncertainity to action-what leaders can do now

  • 72%

    of Indian organisations are increasing cyber risk investment in response to geopolitical volatility

  • 87%

    expect their cyber budget to increase over the coming year

  • Top

    cyber investment priority for security leaders is AI

  • Top 3

    threats organisations are least prepared to address now include quantum computing

  • 61%

    rank AI and machine learning tools among their top three priorities to address cyber talent gaps over the next 12 months

Risk and threat landscape

Geopolitics is reshaping cyber vulnerabilities

72%

of Indian organisations are increasing cyber risk investment in response to geopolitical volatility

42%

are reassessing their cyber insurance policies

Top2

cyberthreats organisations are least prepared to address: third-party risks and quantum computing

A rapidly shifting world order marked by strained alliances, trade disputes, and weakened international institutions is redefining the cyber threat landscape and challenging traditional models of global business. In this new era of strategic competition, organisations are proactively re-evaluating their cyber capabilities, operational footprints, and global partnerships to build resilience and seize emerging opportunities.

In response to this geopolitical volatility, 72% of Indian business and technology leaders have made cyber risk investment one of their top three strategic priorities for the year ahead, significantly higher than global leaders (60%).

geopolitics reshaping cyber vulnerabilities

 This elevated focus reflects a heightened awareness in India of cybersecurity’s role as a strategic enabler of resilience and business continuity.

  • 0% are re-evaluating the location of critical infrastructure
  • 0% are considering changes where business is conducted
  • 0% are reassessing their cyber insurance policies

Cyber strategy changes in response to current geopolitical landscape

72% 49% 38% 42% 43% 29% 1% 0% 60% 41% 39% 39% 31% 26% 8% 1% Increase in cyber risk investment Change in critical infrastructure location Change in trade and operating policies Change in cyber insurance policies Change where business is conducted Change in vendors No significant changes Unsure India Global

Cyber strategy and operations

Where investment meets impact

0

are spending significantly more on proactive vs reactive cybersecurity measures

0

expect their cyber budget to increase over the coming year

0

are measuring the financial impact of cyber risks to a large extent

Cyber budgets: Still rising, but with sharper focus

Cyber budgets are still rising, though at a more deliberate pace. This year, 87% of leaders of Indian organisations expect their cyber budgets to grow in the coming year and nearly one-third of them plan to boost spending by more than 10%—a slight dip from last year’s 93%, yet a strong signal of sustained investment. This moderation may reflect a strategic rebalancing, as organisations respond to geopolitical volatility while reassessing how cyber risk fits within broader business priorities.

Changes in cyber budgets in 2026

India Global 13% 19% 38% 17% 7% 2% 4% 7% 10% 32% 29% 12% 2% 2% 1% 1% 4% 1% Increase by 15% or more Increase by 11-14% Increase by 6-10% Increase by 5% or less Will not change Decrease by 5% or less Decrease by 6-10% Decrease by 11-14% Decrease by 15% or more Cannot determine at this time I don't know any detail on the cyber budget

AI in cybersecurity

From promise to priority

Top cyber investment priority for security leaders is AI

Top AI security capability prioritised by security leaders is threat hunting

Top 3 areas of priority for agentic AI are cloud security, data protection, and cyber defence

AI in cybersecurity

AI’s potential for transforming cyber capabilities is clear and far-reaching. That’s why it ranks highest in several categories we surveyed. AI enablement of key cyber capabilities is the top priority when it comes to allocating cyber budgets, using managed cybersecurity services, and addressing cyber talent gaps. AI is the top cyber investment area and the focal point for closing capability and talent gaps for Indian organisations. 

Over the next 12 months, leaders place the highest emphasis on AI‑enabled threat hunting, alongside agentic solutions, identity and access management, vulnerability scanning, and assessment programmes, signalling a pivot from tooling to intelligence‑led detection and response.

Agentic AI among the top prioritised AI security capabilities

India Global 5% 1% 20% 8% 12% 9% 14% 29% 1% 18% 25% 47% 33% 41% 33% 36% 60% Unsure Red teaming Penetration testing Agentic AI Event detection and behavioural analytics IAM Vulnerability assessments Vulnerability scanning AI threat hunting Ranked 1 (%) Ranked in top 1-3 (%) 1% 5% 8% 16% 12% 12% 12% 12% 19% 2% 16% 29% 35% 36% 36% 38% 38% 48%

Quantum computing readiness

Preparing for next-level threats

Top 2

Cyber threats organisations are least prepared to address now include quantum computing

40%

of organisations haven’t considered or started implementing any quantum-resistant security measures

Only 5 %

of security leaders include quantum readiness in their top three budget priorities

As India accelerates its digital transformation journey in 2025, the emergence of quantum computing is no longer a distant possibility. Some organisations in India have made initial progress, with 33% in the piloting and testing stages. However, only 28% have moved beyond piloting, and almost 40% haven’t considered or started implementing any quantum-resistant security measures. These gaps highlight the importance of CERT-In’s guidance: Overcoming barriers such as limited awareness, resource constraints, and competing demands will require proactive, structured, and continuous action to ensure India’s digital infrastructure remains resilient in the quantum era.

Quantum computing readiness

 Quantum-resistant security progress

India Global 28% 33% 24% 9% 7% 22% 29% 33% 9% 7% We are implementing quantum-resistant security measures We have begun implementation and are at the piloting and testing stage Unable to confirm at this time

Cyber talent and skills 

Managed services move to the front line

A persistent cybersecurity talent shortfall is slowing progress just as organisations aim to operationalise AI, secure complex environments, and prepare for next-generation threats. Over the past year, knowledge and skills gaps were the two most cited barriers to implementing AI for cyber defence—prompting a shift from hiring alone to scaling capability through multiple levers. Many Indian organisations are exploring new ways to gain proficiency, including AI tools (61%), cybersecurity tool consolidation (51%), security automation tools (49%), and upskilling or reskilling (49%).

Top 2

challenges to implementing AI for cyber defence are knowledge and skills gaps

61%

rank AI and machine learning tools among their top three priorities to address cyber talent gaps over the next 12 months

AI implementation challenges for cyber defence

Organisations in India are also proactively adjusting their operational strategies: (% that ranked in their top 3 areas) Q2. Over the next 12 months, which of the following areas of your organisation's cyber strategy is changing in response to the current geopolitical landscape? Base: All respondents=3887Source: PwC 2026 Global Digital Trust Insights 0,0 0,2 0,4 0,6 0,8 1,0 are re-evaluating the location of critical infrastructure 41% 49% Change in critical infrastructure location 39% Change in trade and operating policies 39% Change in cyber insurance policies 31% Change where business is conducted 26% Change in vendors Lorem ipsum 72% 49% 38% 42% 43% 29% 1% 0% 60% 41% 39% 39% 31% 26% 8% 1% Increase in cyber risk investment Change in critical infrastructure location Change in trade and operating policies Change in cyber insurance policies Change where business is conducted Change in vendors No significant changes Unsure India Global Very capable Somewhat capable Not very capable Not capable at all Unsure/not applicable 55% 57% 49% 55% 48% 45% 52% 38% 30% 44% 34% 44% 43% 39% 6% 10% 3% 8% 8% 8% 9% Unpatched software updates Lack of visibility into end points Insufficient network architecture Legacy systems Supply chain vulnerabilities India 55% 53% 48% 47% 47% 45% 43% 36% 37% 43% 42% 42% 40% 43% 7% 8% 7% 9% 9% 11% 11% Global India Global 44% 36% 29% 32% 26% 29% 13% 25% 11% 15% 11% 9% 2% 33% 28% 27% 26% 25% 23% 21% 20% 20% 19% 17% 15% Cloud-related threats Attacks on connected products Third-party breach Quantum computing threats Social engineering Software supply-chain compromise Hack-and-leak operations Ransomware Employment infiltration Exploits of zero-day vulnerabilities Business email compromise/account takeovers Distributed denial-of-service (DDoS) attacks India Global 13% 19% 38% 17% 7% 2% 4% 7% 10% 32% 29% 12% 2% 2% 1% 1% 4% 1% Increase by 15% or more Increase by 11-14% Increase by 6-10% Increase by 5% or less Will not change Decrease by 5% or less Decrease by 6-10% Decrease by 11-14% Decrease by 15% or more Cannot determine at this time I don't know any detail on the cyber budget India Global India Global India Global 30% 30% 17% 14% 6% 3% 24% 32% 21% 14% 7% 2% Significantly more on proactive measures Slightly more on proactive measures Slightly more on reactive measures Significantly more on reactive measures Unsure – we have no means of measuring 46% 33% 22% 26% 26% 28% 22% 14% 19% 16% 8% 15% 8% 5% 7% 2% 36% 34% 28% 26% 24% 21% 19% 18% 16% 15% 15% 10% 10% 8% 7% 7% AI Cloud security Network security and zero trust Data protection/data trust Threat management Cyber managed services Security awareness training Identity and access management (IAM) Supply chain and third-party risk management Endpoint security Application security Operational technology (OT) security Connected products Quantum computing API security Mobile security India Global 22% 16% To a significant extent 31% 34% To a large extent 31% 27% To a moderate extent 13% 15% To a limited extent 1% 4% Not at all, but planning to in the next two years 2% Not at all and no plans to in the next two years India Global India Global 5% 1% 20% 8% 12% 9% 14% 29% 1% 18% 25% 47% 33% 41% 33% 36% 60% Unsure Red teaming Penetration testing Agentic AI Event detection and behavioural analytics IAM Vulnerability assessments Vulnerability scanning AI threat hunting Ranked 1 (%) Ranked in top 1-3 (%) Ranked 1 (%) Ranked in top 1-3 (%) 1% 5% 8% 16% 12% 12% 12% 12% 19% 2% 16% 29% 35% 36% 36% 38% 38% 48% 16% 20% 20% 12% 7% 5% 7% 5% 2% 51% 48% 45% 31% 33% 18% 19% 12% 20% Cloud security Data protection Cyber defence and operations Security testing Cyber governance, risk, and compliance IAM Security architecture DevSecOps Strategy and business enablement 15% 15% 14% 10% 9% 9% 8% 6% 6% 39% 39% 38% 31% 30% 27% 23% 19% 19% Planning next 12 months (current %) Partially implemented (current %) Implemented (current %) Unsure/not applicable (current %) No plans (current %) 57% 51% 44% 49% 45% 47% 34% 30% 27% 32% 36% 29% 35% 26% 39% 38% 13% 15% 20% 20% 18% 26% 22% 29% Data classification policies Data loss prevention across key egress channels Data controls across the entire data life cycle Data encryption, tokenisation, anonymisation at scale Data quality capabilities Data discovery and cataloguing across structured and unstructured data Data minimisation approaches Responsible AI practices India Global 50% 48% 44% 44% 41% 40% 37% 34% 32% 33% 36% 34% 37% 37% 37% 37% 12% 14% 14% 14% 15% 16% 17% 23% 28% 33% 24% 9% 7% 22% 29% 33% 9% 7% We are implementing quantum-resistant security measures We have begun implementation and are at the piloting and testing stage Unable to confirm at this time Exploring Planning to implemented in the next 2 years Implemented Unable to confirm at this time Have not considered Not applicable India Global 20% 27% 25% 27% 41% 35% 51% 25% 24% 22% 29% 16% 25% 13% 38% 29% 36% 28% 9% 26% 11% 11% 11% 11% 22% 12% 26% 7% Quantum-resistant encryption Cryptographic discovery Assessment of asset-based quantum risk Implementing 'trust by design' principles Assessment of third-party cryptologic standards Conducting a feasibility analysis Data mapping and inventory 28% 29% 31% 31% 32% 39% 42% 26% 26% 24% 26% 24% 22% 24% 26% 24% 25% 24% 25% 22% 20% 12% 13% 12% 10% 12% 10% 9% India Global 44% 36% 34% 38% 29% 31% 25% 20% 2% 9% 37% 36% 34% 33% 29% 28% 25% 24% 5% 4% 3% Gaps in technical expertise to adopt industry standards (e.g. NIST encryption standards) Gaps in dedicated quantum computing knowledge and resources Gaps in existing systems and/or data integration challenges Prioritisation of more near-term cybersecurity initiatives Lack of visibility into cryptographic vulnerabilities Lack of data encryption, tokenisation and/or anonymisation capabilities Lack of data retention policies and defensible disposition Lack of strategic direction from leadership None of the above Not applicable Unsure India Global 31% 32% 34% 39% 41% 50% 28% 36% 33% 44% 50% 60% ‘Talent gap’challenges Risk appetite for usage of AI is unclear Lack of relevant skills India Global 55% 48% 45% 42% 40% 27% 5% 2% 47% 41% 40% 39% 38% 35% 6% 7% Lack of network segmentation between OT/IIoT and IT environments Gaps in understanding the scope of OT/IIoT cyber risk Lack of governance and responsibility for OT/IIoT cybersecurity Lack of visibility of OT/IIoT assets No significant OT/IIoT footprint No significant challenges of OT/IIoT assets 38% 51% Artificial intelligence (AI) 32% 32% Cloud security 28% 25% Threat management 27% 32% Data protection/ data trust 24% 26% Network security and zero trust 19% 21% Endpoint security 18% 18% IAM 17% 12% Supply chain and third-party risk management 16% 16% Application security 13% 9% Connected products 12% 15% OT security 11% 9% Quantum computing 9% 4% Mobile security 9% 7% Security awareness training 8% 9% API security 2% 2% 12% 8% 18% 15% 9% 8% 2% 13% 6% 2% 2% 1% 44% 36% 29% 32% 26% 29% 13% 25% 11% 15% 11% 9% 2% Cloud-related threats Attacks on connected products Third-party breach Quantum computing threats Social engineering Software supply-chain compromise Hack-and-leak operations Ransomware Employment infiltration Exploits of zero-day vulnerabilities Distributed denial-of-service (DDoS) attacks Unsure 1% 13% 33% 8% 28% 10% 27% 11% 26% 9% 25% 8% 23% 7% 21% 8% 20% 8% 20% 7% 19% 5% 17% 5% 15% Ranked 1 (%) Ranked in top 1-3 (%)

C-suite playbook

What leaders can do now

This year’s survey shows that the most forward-looking organisations are aligning cybersecurity with business strategy and prioritising readiness over being reactive.

Many have already established foundational cyber risk management practices by reinforcing a governance structure that aligns to leading cyber frameworks, embedding cyber risk controls across the enterprise and prioritising risk assessments and reporting.

To be future-ready, however, you’ll need to do more than business as usual. That means confronting uncertainty, making bold but informed decisions, and building agility into your strategy.

About the survey

The 2026 Global Digital Trust Insights survey has been designed to capture the views of 3,887 business and technology executives conducted in the period from May to July 2025. The India edition of the global survey report focuses on the responses of the executives of 138 Indian businesses.

33% of the respondents are executives in large Indian companies with $1 billion or more in revenue; 34% are in companies with USD 10 billion or more in revenues.  

64% of the respondents from India who participated in our survey are tech executives and 36%, business executives.

PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.

Contact us

Siddharth Vishwanath

Partner and Leader – Risk Consulting, Mumbai, PwC India

Email

Sundareshwar Krishnamurthy

Partner and India Cyber Leader, PwC India

Email

Anirban Sengupta

Partner and Co-Leader - Cyber and Digital Risk, PwC India

Email

Follow PwC India

Required fields are marked with an asterisk(*)

Your personal information will be handled in accordance with our Privacy Statement. You can update your communication preferences at any time by clicking the unsubscribe link in a PwC email or by submitting a request as outlined in our Privacy Statement.

Hide

© 2018 - 2025 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.