Bengaluru: With the rapid evolution of cyber threats outpacing formal curriculum there is a shortage of skilled workforce in the cyber security domain. As October, observed as Cybersecurity Awareness month, winds down, experts stress on the urgent need for education on digital safety.

“Recent studies estimate a demand for nearly one million cyber security professionals, while the current supply meets only about half of this need,” Sundar Balasubramanian, Managing Director, Check Point Software Technologies, India & South Asia, told DH.

According to him, this shortfall is also driven by insufficient practical and compliance-oriented skill development in traditional IT programs, and expanding business demands in areas such as cloud, AI, and DevSecOps.

According to Check Point’s Threat Intelligence Report, Indian enterprises face an average of 3,233 cyberattacks per week. This number exceeds the global average of 2,002 attacks per organisation over the past six months.

“The most targeted sectors are Education with 7,095 attacks per week, Government with 5,140, and Consumer Goods and Services with 3,889. Attackers, including state sponsored groups and professional hackers, are increasingly leveraging AI to automate and scale operations, resulting in more sophisticated and harder to detect threats,” he said.

Ransomware has evolved from simple data encryption to multi-layer extortion, where attackers steal sensitive data and tailor ransom demands, often linked to cyber insurance coverage.

Cloud environments are increasingly at risk due to misconfigurations and insecure APIs (application programming interface).

“The expansion of attacks into Tier 2 and Tier 3 cities highlights the broadening threat landscape. State sponsored advanced persistent threats such as APT36 are using cloud platforms for espionage against strategic sectors. Looking ahead, the misuse of AI is expected to amplify social engineering, phishing, and deepfake driven attacks, while emerging technologies such as quantum computing may redefine future threats,” he said.

He added that to address these challenges, organisations must adopt AI powered defence tools, advanced Security Operations Centres, and Zero Trust frameworks for real time, prevention-first security.

“Cyber threats such as phishing, malware links, and data breaches have been evolving, and the numbers of cyber-attacks are exponentially increasing. A mobile user is unaware of how exposed and at risk their personal information and communications are. It is essential that we become more cyber-aware and use precautionary measures to safeguard our digital lives,” said Srinivas L, Joint MD and Joint CEO for 63SATS Cybertech.

Cybersecurity in 2026

Research firm Forrester in its latest Cyber Security & Risk Predictions 2026 report explored five predictions for cybersecurity, risk and privacy in 2026. Its five key predictions include that an agentic AI deployment will cause a public breach and lead to employee dismissals; and quantum security spending will exceed 5 per cent of the overall IT security budget.

Balasubramanian of Check Point Software Technologies said, “As we look towards 2026, Indian businesses are expected to face rapidly evolving cyber threats driven by generative AI and autonomous attack tools. AI-powered phishing, deepfake impersonation, and synthetic cyberattacks targeting both text and multimedia will become more widespread and harder to detect, putting executive communications, financial transactions, and customer data at risk.”

The rise of ransomware-as-a-service and machine-driven social engineering will enable cybercriminals of varying technical skill to carry out highly targeted campaigns, increasing breach likelihood across sectors.

“Critical infrastructure, especially in power, energy, and financial services, will become key targets as digital transformation accelerates. This will drive stricter cyber security regulations and mandatory audits starting January 2026. Emerging attack vectors will include prompt injection and model hijacking in generative AI systems, large-scale supply chain attacks, and malware leveraging autonomous agents that adapt in real time to bypass defences,” he explained.

He further noted that organisations must adopt AI-driven monitoring and response platforms, invest in employee awareness around deepfake threats, enforce regular vulnerability assessments, and build robust incident response plans.

Growing demand for talent

The need for cybersecurity talent is rising rapidly across BFSI, retail, healthcare and manufacturing. Kapil Joshi, CEO, Quess IT Staffing, Quess Corp said financial institutions are investing heavily in secure credit systems, fraud detection and digital payment infrastructure. In healthcare, the growing use of telemedicine and patient-data platforms has increased the urgency for privacy and compliance.

Retail organisations are also strengthening their defences for e-commerce platforms where each transaction generates sensitive information. According to the Quess GCC Report, cybersecurity continues to record steady momentum as organisations deepen investments in AI-led risk controls and compliance visibility.

“The report also notes an 18 per cent skill gap in this area, making it one of the most talent-constrained domains across digital functions. BFSI has seen a sharp rise in digital hiring, much of it focused on risk and compliance automation as institutions modernise their systems to align with tighter regulatory oversight and data-governance standards. Tier-2 cities such as Kochi, Coimbatore and Indore have recorded a quarterly growth of 5-9 per cent in areas like cloud security testing and AI incident response, indicating that talent is spreading beyond metros and into new delivery hubs,” Joshi said.