Navigating the AI Era: How India Can Build Cyber Resilience at Scale

India’s digital economy is expanding rapidly — from payments to manufacturing to public services — all running on the backbone of cloud, AI, and real-time data. But growth brings challenges: cyberattacks are on the rise, the talent pool is stretched, and organisations often struggle with too many tools that add complexity rather than clarity.

To understand what’s changing and where cybersecurity is headed next, we sat down with Vishak Raman, Vice President, India, SAARC and Southeast Asia, Fortinet.

The State of Play

Q: When you look at India’s digital landscape today — banks, factories, government platforms — how would you describe the state of cybersecurity? Are we keeping pace with digital growth?

India’s digital economy has scaled at an incredible pace with real-time payments, automated manufacturing, and citizen services now running in the cloud. Cybersecurity has moved from being a backroom IT function to a boardroom priority, and today it even touches the living room as every household becomes digital.

Most organisations are investing more, but maturity levels vary — some sectors are advanced, while others are only beginning to formalise their strategies. The conversation has shifted away from point products towards convergence and consolidation. Cloud adoption, OT integration, and AI are driving a much-needed shift toward simplicity and integrated platforms.

At an individual level, cybersecurity is fast becoming a life skill. Just as we teach financial literacy or road safety, people will need to learn to navigate the digital world safely — and there’s still a lot of work to be done on that front.

Q: If you had to call out the biggest risks Indian enterprises face today, what would top your list?

Cyberattacks today are not just about stolen data or downtime; they have real-world consequences that disrupt services, impact livelihoods, and even affect national resilience. What we’re witnessing is the industrialisation of cybercrime, where attackers operate with the scale and efficiency of a business.

AI has lowered the barrier to entry, making it easier for threat actors to launch sophisticated campaigns. The challenge for enterprises in India is not one single threat like ransomware but the fact that cybercrime is expanding faster than most organisations can respond.

Q: Attackers are using AI to move faster and be more convincing. How is that changing the game for defenders?

AI has changed the tempo of cyberattacks. Threats that once took weeks to design can now be generated in hours, while deepfakes and AI-crafted phishing are harder to detect. The positive side is that AI is also a force multiplier for defenders. It cuts through noise, spots patterns humans might miss, and automates routine responses so scarce talent can focus on critical issues.

Over time, this will shift security teams from being reactive to becoming more predictive and proactive in how they defend their organisations.

Trends That Will Shape the Future

Q: Cloud-first is becoming the norm. Does that require a different security mindset?

Yes. The old perimeter-based model doesn’t apply when your data, applications, and users are everywhere. A cloud-first security mindset means embedding controls directly into cloud environments, enforcing Zero Trust, and having visibility across applications, APIs, and workloads.

AI workloads often run in the cloud, which makes it a new frontier for attackers targeting APIs, training data, or even the models themselves. The organisations that succeed will be those that treat cloud and AI security as inseparable, build protections in from the start, and use integrated platforms to simplify complexity.

Q: We’re also seeing OT and IT come together in manufacturing and energy. Does this convergence widen the attack surface?

When IT and OT converge, the attack surface doesn’t just expand, it changes shape. A compromise in IT can now open pathways into a factory floor, an energy grid, or a transport system. Attackers increasingly target OT directly — not only to steal data but to disrupt essential services or hold production hostage.

Securing such environments requires visibility across IT and OT assets, segmentation so a breach in one system doesn’t cascade, and a threat-informed approach mapped to how adversaries actually operate. Speed is also critical — AI and automation can detect intrusions early and contain them before they disrupt operations.

The good news is that OT security has moved from a niche concern to a board-level priority. Resilience depends on treating IT and OT as one integrated fabric, not separate silos.

Q: Many CISOs complain about too many tools that don’t integrate well. Why is a platform approach gaining ground?

One of the biggest challenges CISOs face is tool sprawl. Dozens of products often make environments more complex, not safer. That’s why the shift towards platforms is accelerating. Integrated security reduces blind spots, cuts costs, and enables faster response.

At Fortinet, we’ve built this model from the start — one OS across the portfolio, powered by our own ASICs, layered with AI, and delivered through the Security Fabric. It gives customers a single integrated system that stretches from endpoint to cloud edge, simplifying operations while strengthening resilience.

Q: And then there’s the talent shortage. What needs to change so that security teams aren’t stretched so thin?

The talent shortage is a global challenge and cannot be solved in isolation. We need to expand the talent pool through training, use AI to amplify the effectiveness of professionals, and strengthen collaboration and intelligence-sharing.

This is not a problem technology alone or training alone can fix. It requires commitment from government, industry, and academia working together. Only then can India build the scale of cyber resilience its digital economy demands.

Tech Shifts and Innovation

Q: Beyond the buzzwords, how will AI and automation actually change Security Operations in the next few years?

AI and automation are already reshaping security operations. In India, analysts often face hundreds of alerts daily, with one person responsible for more than 200 employees. That leads to fatigue and missed signals.

Our IDC survey found that over half of organisations face alert fatigue, and nearly three in four don’t conduct regular risk assessments. AI can change this by summarising, prioritising, and highlighting alerts that truly matter. In fact, 96% of surveyed organisations said automation improved productivity, cutting detection times by at least 25%.

AI won’t replace human expertise but will amplify it, freeing professionals to focus on strategy and resilience instead of drowning in noise.

Q: Terms like SASE and CNAPP are everywhere. What’s the real-world value leaders should look for?

The value lies in simplification and consistency. SASE combines networking and security for a hybrid workforce, ensuring policies follow the user, not just the device. CNAPP gives DevOps teams visibility into risks in their cloud-native applications before they go live. Both reduce complexity while raising confidence.

Q: Hybrid and multi-cloud environments are here to stay. How can companies get visibility and control without overwhelming teams with dashboards?

The key is visibility with context. Ten dashboards don’t help — they only add burden. Teams need a single integrated view that unifies data from across environments and highlights what matters most.

Context turns information into intelligence, showing which risks are critical and which can wait. That’s how you give overworked teams control across hybrid and multi-cloud setups without burning them out.

Advice for the Road Ahead

Q: If you were speaking directly to CISOs and board members, how would you tell them to prepare for the next wave of threats?

The next wave of threats won’t look like the last. Attacks are faster, more targeted, and have real-world consequences for continuity and safety. My advice: stop treating cybersecurity as a purely technical function. It’s a business resilience issue, and the shift in mindset must happen at the top.

Preparation starts with clarity on risk: which assets matter, what downtime costs, and how fast recovery is possible. Move away from siloed tools and invest in platforms that simplify and improve visibility across IT, OT, cloud, and on-prem.

Equally important is culture. Security is a team sport. Boards must empower CISOs, encourage collaboration across departments, and bake security into business decisions from day one. Finally, use AI and automation to elevate human talent, because today’s threat volumes cannot be managed manually.

If I had to leave one thought: don’t wait for the punch. Build resilience now — in cybersecurity, it’s not if, but when.

Q: You’ve often said trust, teamwork, and platforms will define the next era of security. Why those three?

Trust is the foundation of the digital economy. Without it, citizens won’t adopt services and businesses can’t scale. Teamwork matters because no single organisation can fight this battle alone. Collaboration and intelligence sharing raise collective defence.

And platforms are the only way to simplify complexity. Point products create silos, while integrated platforms deliver visibility, speed, and resilience. Together, trust, teamwork, and platforms are the anchors of the next era of security.

Q: Finally, what’s your one piece of advice for enterprises that want to stop seeing cybersecurity as a cost and start seeing it as a business enabler?

Shift the mindset from compliance to competitiveness. Cybersecurity isn’t just about avoiding loss; it’s about enabling safe growth. Whether launching a digital bank, building a smart factory, or rolling out citizen services, strong security gives the confidence to innovate at speed and scale.

When leaders see cybersecurity as part of the value chain rather than just a cost, it becomes clear: resilience is what enables growth and competitiveness.

Note to the Reader: This article has been produced on behalf of the brand by HT Brand Studio and does not have journalistic/editorial involvement of Mint.