Sophos has released the India findings for its Cybersecurity Playbook for Partners in Asia Pacific and Japan research conducted by Tech Research Asia, revealing that only 39% of Indian companies have the ability to withstand a prolonged ransomware event.
The findings reveal that Indian companies are most concerned about cyber threats from AI-augmented attacks and credential theft, highlighting the critical need for enhanced security strategies. Key business areas requiring cybersecurity support include financial operations, digital transformation, risk management, and marketing operations. In response, 70% of organizations have implemented a cloud security strategy, while 56% are actively investing in AI-focused security measures. However, only 49% have established security maturity frameworks, and 44% report meeting security standards. Additionally, just 39% feel prepared to withstand a prolonged ransomware attack, underscoring the ongoing need for robust cybersecurity advancements.
While Indian businesses are embracing AI to enhance operations, they also recognize its dual nature—both as an asset and as a potential security risk.
“We can see India’s AI mission taking shape as enterprises are taking it seriously, both as a powerful ally and a potential threat. The fact that organizations are significantly boosting their cybersecurity budgets is a great sign that the country is committed to protecting its digital infrastructure. The growing investment in key areas such as threat detection, incident recovery, and data protection not only reflects the proactive stance of Indian businesses but also highlights their readiness to tackle the complex challenges posed by AI-driven cyber risks,” said Sunil Sharma, vice president of Sales – India and SAARC, Sophos.
However, gaps in cybersecurity readiness remain a reality, which is likely contributing to the inability to handle sustained ransomware and other destructive cyberattacks. To address skills shortages, 45% of businesses plan to outsource cybersecurity services, though 44% are reluctant to engage managed service partners that have experienced breaches. Additionally, 49% intend to upskill their teams through partner-supported training.
The report also highlights that only 5% of Indian organizations rely on a single security vendor and 71% use three or more to meet their cybersecurity needs. Multi-vendor environments are expected to grow as organizations seek flexible, tailored solutions.
“The increasing investments in cybersecurity and the preference towards multiple expert vendors presents a significant opportunity for MSPs to help enterprises improve their customers’ defences with a customized approach,” added Sharma.
In response to rising threats, Indian businesses are turning to globally recognized frameworks like the NIST Cybersecurity Framework and the Cloud Control Matrix (CCM) to bolster defenses. Furthermore, 98% of research respondents are enforcing stricter performance standards and SLAs, particularly with partners that have suffered breaches.
The report analyzed research from a sample of 900 companies across Australia, India, Japan, Malaysia, Philippines and Singapore to determine the priorities for businesses over the next 12 months, and the opportunities for managed security partners to support these ambitions.