Why India Can’t Hire Its Way Out of a Cybersecurity Skills Gap

When it comes to hiring, organizations continue to prioritize prior cybersecurity experience and adaptability.

    The recent ISACA 2025 Cybersecurity Workforce Insights report reveals a troubling paradox at the heart of global and Indian cybersecurity efforts. Even as the digital threat landscape becomes increasingly complex, organizations are investing less in the talent needed to defend against these risks.

    Despite the persistent staffing gap, fewer enterprises are now training non-security employees to move into cybersecurity roles. Only 34% of organizations offer such programs today, a sharp drop from 50% in 2024. 

    This is particularly concerning given that 39% of current cybersecurity teams already include professionals who transitioned from non-security backgrounds. It’s a missed opportunity to reskill existing talent internally at a time when cyber threats are becoming more advanced and pervasive.

    A cybersecurity professional told MIT SMR India, “There are two types of people in this industry, generalists and specialists. It’s great if a specialist is involved in the hiring process, but often, generalists possess broad knowledge across various topics without in-depth expertise in any one area. Many companies also remain unclear about what exactly their teams need, and that’s another major challenge.”

    India’s Growing Cybersecurity Crunch

    The challenge is particularly severe in India, where 40% of cybersecurity teams remain understaffed, and 68% report unfilled positions. Retaining talent has become equally challenging; 55% of organizations admit to struggling to retain cybersecurity professionals.

    Adding to the urgency, 83% of India-based professionals expect the demand for technical cybersecurity roles to increase over the next year, compared to a 70% global average. This highlights India’s dual challenge: a rapidly expanding need for skilled defenders paired with a shrinking pipeline of available experts.

    When it comes to hiring, organizations continue to prioritize prior cybersecurity experience (76%) and adaptability (73%). Yet, the most significant gap lies not in technical expertise, but in soft skills, which 56% of respondents cited as the top deficiency. Within this, critical thinking (55%), problem-solving (52%), and communication (51%) stand out as the most in-demand capabilities, underscoring the human dimension of cybersecurity.

    Addressing this shortage requires more than just increasing headcount. Namit D’Cruz, India Enterprise Leader, Datadog, says, “Cybersecurity is an ever-evolving problem. The types of threats, attacks, targets, assets, and levels of sophistication are all changing quickly. So we’re dealing with a space that is both fast-growing and fast-evolving.”

    He adds that talent is definitely a factor now, but it’s not the only one. At Datadog, for example, they view security not as a standalone silo but as something that should be integrated into every part of the product lifecycle, including design, development, testing, deployment, and production management.

    Security must be at the forefront, not an afterthought. “There is still a lot of cleanup required on systems that already exist, but the future state we should be aiming for as an industry is security-by-design,” he adds. 

    According to D’Cruz, having a unified platform, such as Datadog’s combination of observability, security, and cloud service management, enables customers to integrate security directly into the CI/CD cycle. It stops being “someone else’s problem” and becomes part of how the entire system functions.

    “On the talent point specifically, if we view it only as a need for more security-certified or security-trained individuals, we’re again treating cybersecurity as a separate responsibility of an InfoSec or cybersecurity team. That model isn’t scalable. What we really need is for everyone, engineers and end-users alike, to be aware of security and understand their role in maintaining it,” he said. 

    Tools like Datadog help, but there’s also a lot more that needs to be done across the ecosystem to bridge this gap. D’Cruz’s perspective connects the talent crunch to a deeper structural issue: treating cybersecurity as an add-on function rather than a shared responsibility integrated into every layer of technology.

    GCCs: India’s Emerging Cybersecurity Powerhouses

    Despite these challenges, India remains a central player in the world’s cybersecurity operations, particularly with the rise of global capability centres (GCCs). According to a PwC report, GCCs in India are rapidly transforming into cybersecurity centres of excellence (CoEs), reflecting the country’s growing strategic importance in global cyber defense.

    India faces 13.7% of all global cyberattacks, making it the most targeted country in the world. Yet, this intense exposure has also driven innovation and capability building. The country’s thriving tech industry, vibrant startup ecosystem, and deep STEM talent pool are positioning it as a global hub for cybersecurity. 

    In fact, 28% of global organizations now have more than half of their cybersecurity teams based in India, and 17% have over 75% of their teams here. India’s demand-supply gap in technology talent (25–27%) is the lowest among leading tech nations, such as the US, UK, and Australia, a testament to its educational and professional depth. GCCs are leveraging this advantage to build world-class cybersecurity teams capable of addressing some of the world’s most complex threats.

    What’s Next?

    As cyber threats grow more sophisticated, India’s position is both promising and precarious. The nation is home to some of the world’s most dynamic cybersecurity talent and infrastructure. Yet, it continues to face acute shortages and challenges in retaining its top talent. Addressing these issues will require not just better hiring practices but also a renewed investment in reskilling programs, soft skills development, and a clearer organizational understanding of security needs.

    The ISACA report makes it clear that cybersecurity must be viewed as a strategic imperative for talent development, especially in India.
