AI is fast becoming a digital watchdog. However, it comes in as collaboration — not competition — to human intelligence as companies seek to secure the virtual world. So, unlike several other branches of technology, cyber security professionals aren’t facing job culls. Rather, the demand for them is set to boom as India grapples with a rise in cyber attacks, with a 30% supply gap telling on the industry.
Meanwhile, companies are weaving in AI to sharpen cyber security efforts in an increasingly digital world — and bridge the skills gap.
“Considering the rapid pace of change in the cyber security industry, businesses must prepare their workforce for an AI+ security norm,” Pradeep Vasudevan, country head, security software, IBM India, told ET.
He added that it will be key for security analysts to be equipped with the skillsets required to utilise AI solutions effectively.
“Industry suggests that one million [cyber security] professionals will be required by 2025,” said Krishna Vij, business head – IT staffing, TeamLease Digital.
Discover the stories of your interest
India’s cyber security workforce stood at around 0.3 million in 2023, up from 0.21 million in 2022, and 0.1 million in 2021, Vij said, with about 8,500 cyber security positions currently open. India’s 30 per cent gap is proportionally slightly higher than the global average, she added. “While we’re looking at about 30 to 40 per cent growth in this role, this will only go up. It will grow 40-50 per cent year-onyear,” Vij said, adding that expertise in threat intelligence, incident response, and penetration testing will be in high demand in 2024.
The most sought-after cyber security skills in 2023 included cloud security, threat intelligence, incident response and management, application security, ethical hacking, security operations centre analysts, identity and access management and data security and encryption.
Hot skills
This year, businesses are looking for niche skills including AI/ML security and gen AI security, said Anand Tiwari, partner, risk advisory, Deloitte India. Other in-demand areas include cloud security, IoT (internet of things) security, threat hunting, devsecops (development, security, and operations) and privacy.
He added that companies’ cyber security spending has increased due to their digital transformation journeys, increased scrutiny by regulators and increase in organised cyber crime. Yet, a recent Data Security Council of India (DSCI) report indicates the country faces a shortage of about 7,90,000 cyber security professionals.
Kunal Purohit, chief digital services officer, Tech Mahindra, said, “It is certain that demand for cyber security professionals is booming, and while automation is becoming more prevalent in all industries, there will always be a need for cyber security experts.”
Bridging the skill gap requires organisations to continuously assess their needs, invest in training and development, and adjust their strategies to keep up with the everchanging cyber security landscape, Purohit said.
“In 2024, the surging demand for cyber security experts is unprecedented, propelled by escalating and sophisticated cyber threats,” said Sundar Balasubramanian, managing director, India and SAARC, at cyber security firm Check Point Software Technologies.
“Indian enterprises grapple with a critical shortage of cyber security experts, ranking second globally in this workforce deficit, surging sevenfold in the past year,” he added, citing research. Even as burnout of skilled cyber security professionals is being reported, critical sectors, including BFSI, healthcare, finance, and e-commerce face heightened vulnerability and an urgent requirement for adept professionals, Balasubramanian said.
Industry readiness
Experts said that cyber security training in academia is not keeping pace with the evolving threat landscape businesses face and that it takes substantial effort for a firm to convert a campus hire into a cyber security professional.
“Freshers do not have an easy entry into cyber security roles… They [companies] typically look for minimum three years experience,” Vij said.
To address the cyber security skills gap, companies are expanding their search beyond domestic talent, tapping into diverse markets like Singapore, US, Switzerland, Israel, etc., Vij added.
“Recognising the dynamic nature of cyber threats, India is investing in skilling initiatives through partner – ships with educational institutions, industry certifications and internal training. The surge in cyber security certification programs, with over 400 institutions involved, reflects a concerted effort to skill local talent and meet the growing demand for qualified cyber security professionals.”
While the shortage affects all sectors, knowledge-based industries such as IT, ITeS, BFSI, and pharma are feeling the sting, Tiwari said. Further, Global Capability Centres (GCCs) in the process of establishment will also feel the impact of the prevailing skills gap. As per a DSCI report, India’s cyber security market grew at a CAGR of over 30% during 2019-2023 to reach $ 6.06 billion in 2023, Tiwari added.
Meanwhile, cyber security firm Cyfirma reported that India is the most targeted country in terms of cyber attacks and that cyber attacks on government agencies went up by 460% over the past three years while those on startups and small and medium enterprises (SMEs) increased by 508%.
Especially now, AI has transformed the cyber threat landscape — attacks that once required seasoned professionals have become ‘chi ld’s play’, experts said, and the technology has made attacks more sophisticated and ferocious.
Pawan Prabhat, cofounder and president at generative AI and data engineering solutions firm Shorthills AI, said, “AI is not just a buzzword; it’s becoming a vital skill set in cyber security roles.”
He added that today, AI is enabling targeted phishing with voice and video and increasingly intricate malware and that companies can strategically integrate the technology for effective defence. “We are starting to see gen AI help scale cyber crime — a top concern for defenders who are already outnumbered and under pressure,” said Vasudevan. Cyber security professionals upskilling in AI/ML and gen AI may be a matter of their own long-term viability as well as a matter of insulation and future-readiness for companies, experts said.
“Companies may need to make significant investments in upskilling their cyber security teams in AI and gen AI skills,” Tiwari said. He added that IT, ITeS and BFSI companies are making such investments.
Need for AI
According to Prabhat, SOC (security operations centre) a n a l y s t s w h o perform threat hunting and intelligence analysis should be trained in AI. Further, leveraging AI in ASI (attack surface intelligence) enhances cyber threat identification and enables predictive analysis based on historical patterns.
AI-driven log analysis across various security systems streamlines the identification processes by providing valuable insights to security analysts, Prabhat said.
For IBM’s Vasudevan, the full potential of AI in cyber security lies in the combination of existing mature AI innovations and future gen AI applications, coupled with automation. “We have already begun to see the adoption of large language models in the cyber security market, serving as a security assistant of sorts to security analysts through a chatbot format,” Vasudevan said.
“CISOs must carefully evaluate how gen AI innovations can help improve detection efficacy and introduce predictive capabilities to security solutions, largely due to the size and variety of data these models are trained on, and their capacity for self-supervised learning,” he added.
Yet, many firms hesitate to incorporate AI in their cyber security efforts due to fears around data privacy and security, Vij pointed out.
Mitigating the cyber security skills gap requires cooperation between government, industry and academia, greater awareness regarding cyber security career opportunities as well as incentives for businesses so they can meet the costs of strong cyber security infrastructure, she said.
Meanwhile, skilled professionals are attracting premium salaries. Vij said that while entry-level roles like IT auditor, information security analyst, network/IT security engineer/specialist, and security testing/penetration tester offer a base pay of Rs 3-6 lakh per annum for under three years’ experience, senior and mid-level professionals, with over 12 years of experience, have the potential to earn an annual salary of Rs 50-80 lakh.