AI-fuelled cyber threats expose India’s deep security talent crunch

New Delhi: India just doesn’t have enough skilled engineers to consistently protect vital assets such as power grids, telecom networks, banks and government systems from cyber attackers, whose capabilities have grown more sophisticated with the use of artificial intelligence (AI).

Industry stakeholders and analysts that Mint spoke with said that India has about 350,000 professionals working in cybersecurity across various roles. In comparison, the demand across the country is for one million engineers, data sourced from staffing firms Adecco and Quess IT Staffing showed.

The gap has remained persistent, as demand for cybersecurity engineers is increasing: as of 2023, India had close to 300,000 engineers working on cyber security. While the pool of such professional has expanded gradually due to abundant opportunities and rising salaries, the pace of growth has not been sufficient to meet the industry demand.

“The threat gap is real, and is a key cause of concern for enterprises as cyber attacks are getting more and more sophisticated. At the heart of this concern is that AI is helping attackers automate many cyber threats, and the fact that cyber defence is always reactive in nature,” said Aditya Verma, former director of transformation and cybersecurity at Indian Navy, and leader - public sector security for India and south Asia at Cisco, a US technology company that makes networking and cybersecurity equipment.

India needs “to treat cybersecurity the way other security wings in the real world (are treated), and have a cyber cadre where state-level training is given at a grassroots-level," Verma said.

“Right now, most cybersecurity courses, including many that are backed by the Centre, are short-term certificates, or workshops that last for mere days. In terms of degrees certifying a chief information security officer (Ciso) ready to take charge at an enterprise, the talent still remains few and far between,” he added.

The need for more engineers has come as generative AI has accelerated the number of cyber attacks in India. Figures sourced from the Data Security Council of India (DSCI)’s 2025 India Cyber Threat Report said that between 2022 and 2024-end, the number of ‘behaviour-based cyber threat’ detection spiked from 13 million to 54 million—a rise of over four times within just two years.

This has left a significant talent gap in cybersecurity, despite competitive salaries.

Sanketh Chengappa, director of professional staffing at Adecco Group, said that for the most part, salaries are attractive for cybersecurity professionals.

“On an average, an engineer with about five years of work experience earns about ₹20 lakh per annum. Senior-level cybersecurity engineers, with about a decade’s experience, earn up to ₹60 lakh per annum. The pay is therefore quite fair. The real gap, as far as cybersecurity is concerned, is in the lack of professionals with adequate skills, and the dearth of ample cyber skilling courses and initiatives—in both the public sector and private firms,” he said.

The crunch is so severe that even organizations offering dedicated cybersecurity and managed services are struggling to hire and retain talent.

Dharshan Shanthamurthy, founder and chief executive of Bengaluru-based cybersecurity firm Sisa Infosec, told Mint that while there has been progress over the past decade, “the pace of skilling in cybersecurity programmes has not kept up with the demand, as the influx of AI tools in coding has made cyber attacks far more persistent and sophisticated.”

“While basic triaging of cyber threats can be automated, the higher-level threats need greater skills—and there are not enough takers for them yet,” he added.

Sisa Infosec offers cybersecurity teams and software to government bodies. In September last year, it partnered with the Ministry of Electronics and IT (Meity) and Indian Computer Emergency Response Team (Cert-In) to launch a national accreditation board-certified intensive workshop for early-stage security engineers, called Certified Security Professional for Artificial Intelligence (CSPAI).

On the sidelines of a MeitY event on 29 December, Sanjay Bahl, director general of Cert-In, told Mint that the government has made progress in addressing the supply gap of cybersecurity professionals. The government’s top cybersecurity body also runs other engineer training programmes, including an eight-week professional development course in partnership with the Birla Institute of Technology and Science (BITS), Pilani.

The skill gap, however, continues to remain stark—a factor that is affecting companies in India.

Cisco’s Verma said that in cybersecurity, domains such as statistical applications and AI-led specialisations are more in demand, as they allow skilled professionals to access higher-paying roles more quickly.

“Cybersecurity skilling, especially at the highest levels, requires effort at levels as low as undergraduate courses. There just isn’t enough movement in these fields, which is why the gap has remained persistent,” he said.

Sisa Infosec's Shanthamurthy added that for security firms, AI has been a saviour, too. “But, you need experienced engineers to offer public-sector cybersecurity services, which also involve sophisticated attacks from countries such as North Korea. The persistent skill disparity and continuing lack of adequate training courses is the biggest factor behind this,” he said.