New Delhi: India simply does not have enough skilled engineers to consistently protect vital assets such as power grids, telecom networks, banks and government systems from cyber attackers whose capabilities have become more sophisticated with the use of artificial intelligence (AI).
Stakeholders and analysts Mint spoke to said India has about 350,000 professionals working in cyber security in various roles. By comparison, one million engineers are in demand across the country, data from staffing firms Adecco and Quess IT Staffing showed.
The gap remains persistent as the demand for cybersecurity engineers grows: as of 2023, India had nearly 300,000 engineers working on cybersecurity. While the pool of these professionals gradually expanded due to abundant opportunities and rising salaries, the rate of growth was not enough to meet the demand in the field.
Read also | As digital arrests increase, a parliamentary panel is putting forward a plan to hunt down cyber cons
“The threat gap is real and a major concern for businesses as cyber attacks become increasingly sophisticated. At the heart of this concern is AI helping attackers automate many cyber threats and the fact that cyber defenses are always reactive,” said Aditya Verma, former director of transformation and cyber security at the US Indian Navy and a leading network security company in India and South Asia. cyber security devices.
India needs to “treat cyber security the way other security wings are treated in the real world and have a cyber cadre where there is state-level training at the entry level,” Verma said.
“Currently, most cyber security courses, including many supported by the Centre, are short-term certificates or workshops that last just days. When it comes to degrees that certify a Chief Information Security Officer (CISO) ready to take over leadership in an enterprise, talent is still very scarce,” he added.
Read also | Mint Explainer: Vibe hacking and why it’s the next big cybersecurity threat
The need for more engineers has come as generative artificial intelligence has accelerated the number of cyber attacks in India. Data from the Data Security Council of India (DSCI) 2025 report on cyber threat in India states that between 2022 and 2024, the number of detections of “behaviour-based cyber threats” increased from 13 million to 54 million – a more than four-fold increase in just two years.
This has left a significant cybersecurity talent gap, despite competitive salaries.
Sanketh Chengappa, director of professional staffing at Adecco Group, said salaries are largely attractive for cybersecurity professionals.
“An engineer with about five years of experience on average earns about ₹20 million annually. Top cyber security engineers with roughly ten years of experience earn up to ₹60 million annually. So the salary is quite fair. The real gap when it comes to cyber security is the lack of professionals with the right skills and the lack of extensive cyber skills courses and initiatives – both in the public sector and in private businesses,” he said.
The crisis is so severe that even organizations offering specialist cyber security and managed services are struggling to hire and retain talent.
Dharshan Shanthamurthy, founder and managing director of Bengaluru-based cyber firm Sisa Infosec, told Mint that while there has been progress over the past decade, “the pace of skills in cyber security programs has not kept pace with demand as the influx of AI tools in coding has made cyber attacks much more persistent and sophisticated.
“While basic cyber threat triage can be automated, higher-level threats require greater skill – and there aren’t enough users for them yet,” he added.
Read also | A cybersecurity startup has bagged one of India’s largest VC-led global deals
Sisa Infosec offers cybersecurity teams and software to government agencies. In September last year, it partnered with the Ministry of Electronics and IT (Meity) and the Computer Emergency Response Team (Cert-In) of India to launch an intensive workshop certified by the National Accreditation Board for budding security engineers called Certified Security Professional for Artificial Intelligence (CSPAI).
On the sidelines of the MeitY event on December 29, Sanjay Bahl, CEO of Cert-In, told Mint that the government has made progress in addressing the shortage of cybersecurity professionals. The government’s apex cyber security body also conducts other training programs for engineers, including an eight-week professional development course in collaboration with Birla Institute of Technology and Science (BITS), Pilani.
However, the skills gap continues to be significant – a factor that affects companies in India.
Cisco’s Verma said domains such as statistical applications and AI-led specializations are more in demand in cybersecurity because they allow skilled professionals to gain faster access to higher-paying roles.
“Cybersecurity skills, especially at the highest levels, require effort at levels as low as college courses. There just isn’t enough movement in those fields, and that’s why the gap remains persistent,” he said.
Shanthamurthy of Sisa Infosec added that AI has also been a savior for security firms. “However, you need experienced engineers to offer public sector cyber security services, which also include sophisticated attacks from countries like North Korea. The continuing skills gap and continued lack of adequate training courses is the biggest factor behind this,” he said.
