At a time when bad actors are adopting artificial intelligence at a fast clip, and deepfake videos are made with just ₹8 worth of technology, businesses desperately need to leverage the power of AI to stay many steps ahead, said experts during a panel discussion at the event.
Cyberattacks have risen fast in India, in tandem with incident reporting by companies, since the government mandated that cyberattack incidents must be reported within six hours of noticing, said Sanjay Bahl, director-general of the Indian Computer Emergency Response Team (CERT-In).
Read more: We must keep eyes wide open while dealing with China, says Shashi Tharoor
"When CERT started in 2004, we used to have about two incidents per month. About 10 years back, we had about five-six incidents per hour. Now we have four incidents per minute," said Bahl.
Bahl, who is also the Controller of Certifying Authorities, was speaking at a panel discussion on Cybersecurity and AI, moderated by ET's Surabhi Agarwal.
Read more: If AI takes over, it's the end of cooking, says Gaggan Anand
"AI has democratised knowledge, with a very low barrier to entry. The bad actors have equal access as the good actors. However, the bad guys have advantage in the short term, considering the rise in Denial-of-Service attacks, phishing mails, and social engineering," said Subra Kumaraswamy, senior vice-president and chief information security officer at Visa. "Bad actors earlier used bots to discover vulnerabilities in code. Now they're able to use AI agents to discover them."
"Indian enterprises are attacked three times more than the global average. This is alarming because the percentage of AI used in these attacks is increasing dramatically. The most hit verticals are healthcare, government and manufacturing. Some attacks are state-sponsored," said Sundar N Balasubramanian, managing director for India and South Asia at cybersecurity firm Check Point Software Technologies.
The cost of creating a deepfake video in India has fallen to a low of ₹8, he said.
Betting on AI
However, it's not a one-sided game, as an AI agent has recently become the winner of the bug bounty programme run by Visa, Kumaraswamy said. The global payments major gets 15 milliseconds to authorise a transaction on this system, and AI is now being harnessed to take that call, he said.
Ranganath Sadasiva, chief technology officer at Hewlett Packard Enterprise India, warned the onus is on every country to have an offence, and not just defence, strategy on cybersecurity.
"Countries are leveraging cyber as a weapon. We know China is very advanced, and we've seen attacks by North Korea and Iran," he said. This becomes challenging for India, as the panelists concurred that the country faces a critical shortage of cybersecurity professionals, with only 350,000 currently available against a demand for 1 million.
Shub Bhowmick, chief executive and cofounder of US-based data science and AI solutions firm Tredence, said firms need to arm themselves against newer attacks such as Distributed Denial of Service (DDOS).
"A recent DDOS attack in the UK targeted Marks and Spencer, Harrods and others, where they basically jammed the entire system and attacked their website. It doesn't just have an impact on the business of specific companies, but it can bring down entire economies very quickly," he said.
Pointing out that the sector is now discussing 'conscious AI', Sanjay Kaushik, managing director of risk consulting firm Netrika, said companies should be asking whether they are doing enough on cybersecurity.
"We need to focus more on training and awareness. If you don't, then your entire capex can go for a toss," he warned.
Cyberattacks have risen fast in India, in tandem with incident reporting by companies, since the government mandated that cyberattack incidents must be reported within six hours of noticing, said Sanjay Bahl, director-general of the Indian Computer Emergency Response Team (CERT-In).
Read more: We must keep eyes wide open while dealing with China, says Shashi Tharoor
"When CERT started in 2004, we used to have about two incidents per month. About 10 years back, we had about five-six incidents per hour. Now we have four incidents per minute," said Bahl.
Bahl, who is also the Controller of Certifying Authorities, was speaking at a panel discussion on Cybersecurity and AI, moderated by ET's Surabhi Agarwal.
Read more: If AI takes over, it's the end of cooking, says Gaggan Anand
L-R: Ranganath Sadasiva of Hewlett Packard Enterprise India, Sundar N Balasubramanian of Check Point Software Technologies, Sanjay Bahl of CERT-In
L-R: Subra Kumaraswamy of Visa, Shub Bhowmick of Tredence and Sanjay Kaushik of Netrika Consulting
"AI has democratised knowledge, with a very low barrier to entry. The bad actors have equal access as the good actors. However, the bad guys have advantage in the short term, considering the rise in Denial-of-Service attacks, phishing mails, and social engineering," said Subra Kumaraswamy, senior vice-president and chief information security officer at Visa. "Bad actors earlier used bots to discover vulnerabilities in code. Now they're able to use AI agents to discover them."
"Indian enterprises are attacked three times more than the global average. This is alarming because the percentage of AI used in these attacks is increasing dramatically. The most hit verticals are healthcare, government and manufacturing. Some attacks are state-sponsored," said Sundar N Balasubramanian, managing director for India and South Asia at cybersecurity firm Check Point Software Technologies.
The cost of creating a deepfake video in India has fallen to a low of ₹8, he said.
Betting on AI
However, it's not a one-sided game, as an AI agent has recently become the winner of the bug bounty programme run by Visa, Kumaraswamy said. The global payments major gets 15 milliseconds to authorise a transaction on this system, and AI is now being harnessed to take that call, he said.
Ranganath Sadasiva, chief technology officer at Hewlett Packard Enterprise India, warned the onus is on every country to have an offence, and not just defence, strategy on cybersecurity.
"Countries are leveraging cyber as a weapon. We know China is very advanced, and we've seen attacks by North Korea and Iran," he said. This becomes challenging for India, as the panelists concurred that the country faces a critical shortage of cybersecurity professionals, with only 350,000 currently available against a demand for 1 million.
Shub Bhowmick, chief executive and cofounder of US-based data science and AI solutions firm Tredence, said firms need to arm themselves against newer attacks such as Distributed Denial of Service (DDOS).
"A recent DDOS attack in the UK targeted Marks and Spencer, Harrods and others, where they basically jammed the entire system and attacked their website. It doesn't just have an impact on the business of specific companies, but it can bring down entire economies very quickly," he said.
Pointing out that the sector is now discussing 'conscious AI', Sanjay Kaushik, managing director of risk consulting firm Netrika, said companies should be asking whether they are doing enough on cybersecurity.
"We need to focus more on training and awareness. If you don't, then your entire capex can go for a toss," he warned.
( Originally published on Aug 25, 2025 )
