A recent survey conducted by Zscaler, a global leader in cloud security, has exposed a significant disconnect between Indian organizations’ confidence in their cyber resilience and their actual preparedness. The study, which surveyed IT decision-makers across 12 countries, revealed that while 97% of Indian IT leaders believe their cyber resilience strategies are effective, 67% admit that the budget allocated for cyber resilience is insufficient to counter the rapidly evolving threat landscape.

Furthermore, only 53% of organizations have updated their cybersecurity strategies to address AI-driven threats, raising concerns about the country’s readiness for modern cyberattacks.

The report underscores a critical issue in leadership commitment to cybersecurity. While 57% of Indian IT leaders claim that cyber resilience is a top priority for their leadership—significantly higher than the global average of 39%—this focus has not yet translated into sufficient funding and proactive measures. Additionally, 70% of Indian organizations do not involve Chief Information Security Officers (CISOs) in resilience planning, leading to a fragmented and siloed approach that weakens strategic alignment and execution.

Jay Chaudhry, CEO, Chairman, and Founder of Zscaler, emphasized the importance of proactive resilience, stating that cyber threats are no longer a question of “if” but “when.” He warned that outdated firewalls and VPNs leave organizations exposed to persistent cyber threats, making Zero Trust architecture a necessity for modern cybersecurity. He urged leadership teams to collaborate closely with IT departments to implement a strong cyber resilience strategy that prepares organizations for sophisticated AI-driven attacks.

Despite the growing threat landscape, many Indian businesses remain overly reliant on prevention rather than detection and response. The study found that 61% of IT leaders cite complex IT infrastructure as the biggest obstacle to achieving cyber resilience. While 94% of Indian IT leaders recognize the benefits of cloud security—the highest percentage globally—many organizations continue to depend on outdated security models. Moreover, only 43% of organizations engage in risk-hunting practices to mitigate cyberattack damage, and less than half have adopted proactive security measures like Zero Trust micro-segmentation (45%) or deception technologies (39%).

With India’s rapid digital transformation, cybersecurity risks are escalating, especially with the rise of GenAI-driven threats and evolving regulatory requirements like the DPDP Act. Ananth Nag, Vice President and Managing Director, India at Zscaler, stressed the need for organizations to modernize their security approach. He highlighted that simplifying IT infrastructure, leveraging AI-powered security, and adopting proactive risk-hunting measures are crucial for bridging the gap between confidence and preparedness. He also noted that compliance with the DPDP Act demands a stronger focus on data protection and governance, further emphasizing the need for robust cybersecurity strategies.

To address these challenges, Zscaler advocates for a ‘Resilient by Design’ approach, which integrates Zero Trust principles to enhance visibility, control, and AI-driven threat mitigation. This strategy focuses on minimizing the attack surface, preventing initial compromise, eliminating lateral movement, and stopping data loss. By embedding resilience into their cybersecurity frameworks, Indian businesses can not only enhance protection against evolving threats but also ensure long-term digital growth, regulatory compliance, and business continuity in an increasingly complex cyber landscape.