93% of Indian executives expect to increase cyber security budget next year: Report The report highlights that Gen AI is at the helm of cyber investment priorities, with 87 per cent of organizations having boosted their investments over the last 12 months.

Indian executives rank cybersecurity as their top risk mitigation priority (61 per cent), followed by digital and technology risks (60 per cent), inflation (48 per cent), and environmental risks (30 per cent) for the next 12-months, as per findings from PwC's 2025 Digital Trust Insights – India Highlights.

The report revealed that 93 per cent of respondents anticipate an increase in their cybersecurity budgets next year, with 17 per cent planning to raise their budgets by 15 per cent or more—an increase of 1 per cent from last year. Additionally, 42 per cent of Indian business leaders are prioritizing data protection and remediation in the aftermath of recent cyber breaches as their main cyber investment for the coming year.

"From the boardroom to operational teams, it is essential that business leaders hold each other accountable and respond to the evolving landscape of cyber threats. By embracing advanced technologies, adhering to foundational cybersecurity principles, and allocating resources effectively, organisations need to stay committed to fortifying defences and safeguarding their future," said Sivarama Krishnan, Partner and Leader, Partner & Leader, Risk Consulting, PwC India & Leader of APAC Cyber Security & Privacy, PwC.

Cloud-related threats remain the foremost worry, cited by 55 per cent of Indian executives as their most concerning cyber risk, marking a 3 per cent increase from the previous year. However, 50 per cent of security leaders and chief financial officers (CFOs) feel least prepared to address these threats in the coming year.

The report also goes on to state that all security leaders and CFOs have stated that regulations have prompted them to boost their cyber investments with 74 per cent enhancing or strengthening their cybersecurity stance. It underscores the critical role of strategic investments and regulatory compliance in shaping a resilient cyber future for Indian businesses.

Further reinforcing the shift towards advanced technological defences, the report highlights that Gen AI is at the helm of cyber investment priorities, with 87 per cent of organizations having boosted their investments over the last 12 months. Additionally, 86 per cent of organizations have increased their spending on AI governance as part of their risk management strategies. Furthermore, 80 per cent of Indian companies are highly confident in their ability to comply with AI regulations.

"Advances in emerging technologies such as artificial intelligence (AI) and the increased adoption of cloud services have significantly expanded the attack surface for enterprises. This trend underscores the necessity for a flexible, enterprise-wide resilience strategy. Organizations must align their priorities and readiness at every level to safeguard security and ensure seamless business continuity," said Manu Dwivedi, Partner and Leader – Cybersecurity and Risk Consulting GCC, PwC India.

The report also stated that despite all efforts, the impact of cyber incidents remains substantial. The percentage of security leaders in India reporting a data breach with costs exceeding USD 20 million has decreased by 3 per cent from last year to 8 per cent. Additionally, 44 per cent of leaders have experienced a data breach costing over USD 500,000 in the past three years. More than 33 per cent of leaders indicate that most of their serious data breaches within the last three years have incurred costs of no less than USD 1 million.

"Although a majority of senior leaders acknowledge the importance of quantifying cyber risk to prioritize investments, only one-fifth of organizations are adopting thorough risk quantification methodologies. This disparity highlights an overlooked opportunity that must now be addressed. Developing a dependable cyber risk quantification system is crucial for informed decision-making and prioritizing strategic investments," Sivarama added.

In a separate report by Sophos and Tech Research Asia, only 39 per cent of Indian companies have the ability to withstand a prolonged ransomware event. The findings reveal that Indian companies are most concerned about cyber threats from AI-augmented attacks and credential theft, highlighting the critical need for enhanced security strategies.