Indian Firms Face Rising Cybersecurity Pressure as CISOs Battle Insider Threats, Ransomware, and GenAI-Driven Risks

Proofpoint (a US-headquartered cybersecurity and compliance company) surveyed 1,600 CISOs from 16 countries and found two clear global trends that more security breaches are making people more worried, and companies must balance opportunities with growing risks because GenAI is being used so quickly.

The figures are especially scary in India. The most Chief Information Security Officers (CISOs), nearly 90% think that cyber attacks will happen against their companies in the next year. Even so, more than 74% of them say that their companies aren't fully ready to deal with these kinds of issues.In 2024, many businesses have already lost important data, and worries are rising about ransomware, supply chain attacks, and threats from inside the company. 

Insiders are still a weak spot for most companies; 96% of CISOs say that breaches are mostly caused by employees leaving or making mistakes. Even so, the rise of Generative AI (GenAI) has made things even more complicated. CISOs see GenAI as a strong way to bring new ideas to the table, but most are also worried that it could put personal information about consumers at risk. It's much higher in India than anywhere else in the world: almost three quarters of Indian companies have limits on how their employees can use GenAI. A lot of companies are moving away from total prohibitions and toward governance and defenses driven by AI.

The Way Forward: Building Stronger Cyber Defences

To tackle the rising wave of cyber attacks and growing GenAI risks, companies in India need practical and proactive solutions. Some key steps include:

Stronger Insider Risk Management: Companies need to address human error and insider threats by tightening access controls, monitoring exiting employees, and running regular awareness programs.

Investment in Cyber security Resources: CISOs cannot fight growing threats with limited tools. Organisations should allocate higher budgets for advanced security systems, skilled staff, and continuous training.

Adopting AI-Powered Defences: Instead of restricting GenAI completely, firms should focus on building AI-driven security tools and clear usage guidelines to balance innovation with safety.

Incident Response and Preparedness: Companies must develop strong incident response plans, conduct regular simulations, and ensure quick recovery systems are in place to reduce the impact of attacks.

Promoting Cyber Resilience Culture: Cyber security should not rest only on CISOs, employees, management, and partners must all share responsibility. Building a culture of accountability can reduce risks significantly.

These results send a strong message that Indian companies are going through a difficult time as they try to balance being ready for security with keeping up with fast technology change. As threats get smarter and AI is used more, CISOs need to do more than just protect data. They also need to rethink how to make their organizations more resilient in the long run. How well companies do will rest on how quickly they acquire resources, train their employees, and make rules about new technologies more strict. In the end, cybersecurity in 2025 will not just be about methods. It will also be about building trust, responsibility, and smarter systems that can change with the times.