The rush to adopt artificial intelligence (AI) is triggering a cybersecurity spending wave across corporate India, with investments increasing 30% year-on-year as companies move to protect data, digital operations and AI systems, said Data Security Council of India chief executive Vinayak Godse.
“Even sectors like manufacturing, which were not investing enough in cybersecurity earlier, are digitising aggressively and increasing investments,” he told ET, adding that larger cybersecurity investments would increasingly become the norm as enterprises prepare for the unprecedented risks and AI-powered deception that could accompany wider adoption of the technology.
The trend is already showing up in enterprise budgets. Cybersecurity budgets have risen to about 17% of total IT capital allocation, according to global research firm Forrester, making security one of the fastest-growing areas of technology spending.
The shift reflects a growing reality for companies deploying AI at scale. Alongside investments in cloud infrastructure, computing power and talent, businesses are being forced to spend more on monitoring, threat detection and cyber resilience as AI expands the attack surface and creates new risks.
The spending surge is being driven not only by AI-related risks but also by growing pressure on security teams. Aaron Bugal, field chief information security officer at global cybersecurity company Sophos, said many organisations are already struggling to cope with the volume of alerts and vulnerabilities generated by increasingly complex digital environments.
“The honest conversation happening inside security operations right now is not about whether the volume is too high, it is about how to function at all under the weight of it,” Bugal said.
According to Sophos, exploited vulnerabilities remained the leading technical root cause of ransomware incidents for the third consecutive year, accounting for 32% of attacks. “Security teams are increasingly spending time prioritising and filtering threats rather than fixing them, prompting greater investment in automation, monitoring and managed security services,” he said.
Regulatory requirements are also adding to the urgency. Earlier this month, the Indian Computer Emergency Response Team (CERT-In), the national nodal agency for cybersecurity, issued guidelines for organisations developing and deploying AI systems, asking them to strengthen vulnerability reporting, security testing and risk management practices as enterprises increasingly integrate AI into their operations. The advisory was aimed at improving preparedness as businesses deploy AI more widely and face new risks ranging from security vulnerabilities to AI-enabled fraud and deception.
Industry experts said the move reflects a broader shift towards continuous cyber preparedness as AI adoption accelerates and organisations face growing pressure to strengthen security and governance frameworks.
Biswajeet Mahapatra, principal analyst at Forrester, said cybersecurity spending is increasingly becoming a recurring operating expense rather than a one-time investment as companies adapt to AI-driven risks and tighter governance requirements.
Companies are moving from periodic compliance exercises to continuous security operations, turning cybersecurity into an ongoing business requirement rather than a standalone compliance exercise, he said, adding, “CERT-In is acting as a catalyst for long-term budget expansion rather than a short-term bump.”
Organisations are also facing a rapidly evolving threat landscape as both attackers and defenders gain access to increasingly sophisticated AI tools, according to Heng Lee, director of government affairs for Asia-Pacific and Japan at Kaspersky, a cybersecurity company. Companies that have historically underinvested in cybersecurity are now increasing spending on monitoring, logging and reporting infrastructure to improve visibility and resilience.
“No reporting requirement can be met without real-time visibility across an organisation’s environment. Effective reporting depends on effective detection,” Lee said.
For many companies, cybersecurity is becoming one of the hidden costs of AI adoption, according to experts. What was once largely confined to IT departments is now influencing technology budgets, risk planning and business decisions as enterprises weigh the opportunities of AI against the growing cost of securing it.
