ISACA’s State of Cybersecurity 2025 survey report also finds that 83 percent of India-based security professionals expect the demand for technical cybersecurity pros to rise in the next year, compared to 70 percent globally
Bangalore, India, 7th October 2025 – While 40 percent of India-based cybersecurity teams are understaffed and 68 percent have unfilled cybersecurity positions, ISACA’s new State of Cybersecurity 2025 survey report, which explores insights into cybersecurity skills, hiring trends, budgets, cyber risk, and the role of AI, finds that fewer enterprises are training non-security staff to move into security roles.
These revealing statistics further highlight that just 34 percent of enterprises provide this training, compared with 50 percent the previous year. However, 39 percent of respondents indicate that more than half of their current cyber staff members transitioned from roles outside the field, according to the 11th annual global survey report.
Commenting on the survey, RV Raghu, ISACA India Ambassador, and director, Versatilist Consulting India Pvt Ltd, said, “India’s cybersecurity landscape is at a pivotal point, with rising demand for skilled experts to navigate a complex threat landscape, in the midst of persistent talent shortages and underinvestment in staff training, which leave enterprises vulnerable. To defend against today’s sophisticated threats, Indian organisations must invest not only in advanced technologies but also in developing adaptable, well-supported cybersecurity teams.”
Insights into staffing resources
Survey respondents indicate there is a high demand for technical cybersecurity professionals, but challenges with hiring and retention persist. Thirty-eight percent of Indian respondents say it takes three to six months to hire for entry-level roles, and 42 percent say the same for non-entry-level roles. More than half (55 percent) of the respondents in India admit their organisations struggle to retain cyber talent. However, 83 percent of Indian cybersecurity professionals expect demand for technical contributors to rise (compared to 70 percent globally).
Fewer Indian respondents are indicating their budgets are underfunded (42 percent compared with 57 percent last year), and 65 percent expect budget increases (up from 62 percent). This is compared to a more pessimistic view globally, with 53 percent of global respondents indicating their budgets are underfunded (compared to 59 percent last year), and only 41 percent expecting budget increases.
Adaptability, soft skills in demand
In an environment where technology and threats are constantly changing, the top qualifications in demand in India have adjusted as well— with prior cybersecurity experience now the top qualification factor (76 percent), closely followed by adaptability (73 percent).
Respondents in India noted that of the skills gaps witnessed in cybersecurity professionals, soft skills are at the top (56 percent)—specifying that the key soft skills needed include critical thinking (55 percent), problem-solving (52 percent) and communication (51 percent).
A greater voice in AI implementation, policy
Indian respondents indicate that they are increasingly using AI in their work, as well as AI policy is playing a larger role across organizations. Fifty percent of Indian respondents state that they have helped develop AI governance (up from 31 percent last year), and 46 percent have been involved in AI implementation (up from 29 percent). The main uses of AI in security operations included automating threat detection/response (42 percent), endpoint security (37 percent) and routine task automation (33 percent).
Complex threat landscape, high stress
The report further states that today’s complex threat landscape in India is dominated by exploited vulnerabilities, with 52 percent of respondents noting this as the top attack type used against their organisation, followed by ransomware (48 percent) and denial of service (38 percent). Twenty-seven percent of cybersecurity professionals in India report increased attacks this year.
Twenty-five percent of Indian cybersecurity professionals believe an attack on their organisation is likely or very likely in the next year. Additionally, 31 per cent believe cybercrime is underreported, even when reporting is required.
It may not come as a surprise, then, that 59 percent of the Indian cybersecurity professionals surveyed also said that their role is more stressful now than five years ago, with 60 percent citing the complex threat landscape as their top stressor. Globally, high stress is cited as the top reason for attrition. Among Indian respondents, it features among the top reasons for attrition (40 percent), behind by limited promotion and development opportunities (48 percent) and poor financial incentives (45 percent).
“Cybersecurity professionals are navigating an increasingly complex threat landscape, marked by the rapid evolution of cyber threats and an uptick in the frequency and sophistication of attacks. More cyberattacks in the coming year are likely to exacerbate pressure on cybersecurity staff, making it even more important to routinely evaluate support systems and training resources to improve their cybersecurity capabilities and resilience,” says Chris McGowan, ISACA principal, information security professional practices. “It’s imperative that organisations not only bolster their defences but also prioritise the well-being of their cybersecurity teams.”
