2025: The Year Cybersecurity’s Battlefield Shifted to Machine Speed

How AI, ransomware economics, and the collapse of perimeter security redefined enterprise defense

If 2024 was the year artificial intelligence became ubiquitous, 2025 was the year cybercriminals weaponized it at scale—and defenders were forced to fight fire with fire. As Indian CISOs close the books on what many now call the most transformative year in cybersecurity history, the verdict is unequivocal: the old playbook is obsolete, and organizations that clung to legacy defenses paid a heavy price.

From unprecedented ransomware surges to AI-powered attacks that compressed breach timelines from weeks to mere hours, 2025 fundamentally redrew the cybersecurity landscape. For India, in particular, the year was a baptism by fire. The country emerged as the Asia-Pacific region’s most targeted nation, facing over 3,000 cyberattacks per organization per week—a grim distinction that reflects both India’s rapid digital transformation and the vulnerabilities that accompanied it.


The AI Arms Race: When Attackers Gained Machine Speed

The integration of artificial intelligence into cyberattacks in 2025 was not gradual—it was explosive. According to Microsoft’s 2025 Digital Defense Report, nation-state actors, including Russia, China, Iran, and North Korea, more than doubled their use of AI to conduct cyberattacks and spread disinformation. The impact was stark: AI-generated phishing emails recorded a 54% click-through rate, compared with just 12% for traditional phishing campaigns.

Reuben Koh, Director of Security Technology & Strategy at Akamai, explains the shift succinctly:

“AI is fundamentally changing the economics of cyberattacks in APAC. Adversaries are no longer scaling through the workforce; they are scaling through automation. Leaders can’t rely on human-paced defenses in a machine-paced threat environment.”

The data underscores this reality. Across APAC, organizations faced an average of 2,668 attacks per week, with India exceeding 3,000 weekly incidents per organization—placing it among the most targeted countries globally, alongside South Korea, Singapore, Japan, Taiwan, and Thailand.

Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, warns that this trajectory is only accelerating:

“In 2026, we’ll likely see an explosion of zero-day vulnerabilities driven by AI. As AI accelerates code generation and software development, it’s also becoming ideally suited to identifying software flaws. Early indicators suggest advanced adversaries are already investing heavily in this research, driving down the cost of discovering and weaponizing vulnerabilities.”

The democratization of AI-powered tools has compounded the challenge. Open-source models enabled attackers with limited expertise to develop custom reconnaissance and vulnerability-scanning tools. The result: every organization effectively became ‘patient zero’, facing highly targeted, customized attacks at scale.


India Under Siege: APAC’s Ransomware Ground Zero

Few statistics capture India’s cybersecurity challenge in 2025 more clearly than ransomware. APAC recorded 456 ransomware incidents, alongside 1,586 data breaches and 335 initial access listings traded on underground forums. India featured consistently among the most targeted nations.

The ransomware group Qilin alone accounted for 94 attacks, representing 20.6% of APAC incidents.

Globally, ransomware attacks surged 34% in the first three quarters of 2025 compared to 2024, reaching 4,701 confirmed incidents. The average cost per attack rose to $5–6 million, while downtime stretched to 24–27 days. By mid-2025, ransomware damages reached an estimated $57 billion annually, translating to $156 million per day—or $2,400 per second.

India experienced several high-profile incidents. In October, a nationwide grocery retail chain suffered a breach that exposed the personal data of 600,000 customers and 1,000 employees, including Aadhaar and banking details. In January, over 22 terabytes of corporate data were exposed via misconfigured S3 buckets. A multinational Indian payment system was compromised, with production databases, source code, and infrastructure credentials advertised on dark web forums.

Ransomware tactics also evolved. Double and triple extortion became standard practice, with attackers stealing data before encryption and threatening to leak it—or target customers and partners—if ransoms were not paid.

Elia Zaitsev, CTO at CrowdStrike, draws a compelling parallel:

“Just as phishing defined the email era, prompt injection is defining the AI era. In 2026, AI Detection and Response (AIDR) will become as essential as EDR, requiring real-time visibility into prompts, responses, agent actions, and tool calls to contain AI abuse before it spreads.”

Following law enforcement disruptions of major groups such as LockBit and ALPHV/BlackCat, the ransomware ecosystem fragmented. By the end of 2025, no single group controlled more than 11% market share, compared to LockBit’s 34% dominance in 2023. Independent operators and “lone wolf” attackers doubled their presence to 15%, making attribution and prediction significantly harder.


The Collapse of Perimeter Security and the Rise of Zero Trust

As hybrid work models stabilized and cloud adoption accelerated, 2025 marked the definitive collapse of perimeter-based security. VPN vulnerabilities became a favored entry point, with 56% of organizations reporting VPN-exploited breaches.

In response, 81% of organizations announced plans to implement Zero Trust architectures within 12 months, according to Zscaler ThreatLabz. Meanwhile, 65% planned to replace VPN services, a 23% increase over 2024. The Zero Trust Network Access (ZTNA) market grew to $2.48 billion in 2025, with projections reaching $14.74 billion by 2033.

The shift from IP-based trust to identity-centric access control became inevitable—particularly as enterprises embraced passwordless authentication and real-time entitlement management.

For Indian organizations facing sustained pressure from criminal syndicates and state-sponsored actors alike, Zero Trust was no longer aspirational—it was existential.


The Human Element: Social Engineering in the AI Era

Despite AI’s dominance, 2025 reaffirmed a familiar truth: humans remain cybersecurity’s weakest link.

Verizon’s 2025 Data Breach Investigations Report found that 60% of breaches involved a human element, including errors, social engineering, or credential compromise.

Attack sophistication reached alarming levels. The Scattered Spider group used AI-generated impersonation tactics to breach major retailers. In one case, a deepfake video of senior executives convinced a finance employee at engineering firm Arup to transfer $25 million.

Identity-based attacks surged 32% in the first half of 2025, with 97% involving password compromise. Infostealer malware fueled a thriving underground economy, monetizing stolen credentials and session tokens at scale.

Ranga Jagannath, Senior Director – Growth at Agora, notes the shift:

“Customer experiences will need to be more proactive, predictive, and emotionally intelligent. AI agents will manage complex workflows, while real-time sentiment detection tailors interactions in the moment—raising both opportunity and risk.”


Critical Infrastructure in the Crosshairs

Healthcare, education, government, and aviation sectors faced relentless targeting. Healthcare organizations reported ransomware attacks at a 54% rate, with average recovery costs reaching $2.73 million per incident.

Educational institutions experienced 2,799 weekly attacks per organization, while government entities averaged 2,512 weekly incidents.

In India, geopolitical tensions escalated cyber conflict following the Pahalgam terror attack, triggering over 1.5 million cyberattacks on Indian websites. Seven APT groups—linked to Pakistan, Bangladesh, Indonesia, and the Middle East—were active participants.

Glenn Nethercutt, CTO at Genesys, argues for a paradigm shift:

“AI will stop rebooting at every interaction and begin reasoning from lived experience. Enterprises that teach machines to remember will find that customers do the same—because loyalty, like intelligence, never forgets.”


The Economic Toll and the Agentic SOC

Global breach costs averaged $4.44 million, while organizations using AI-driven security saved $1.88 million per incident, according to IBM.

Yet as threats scaled, talent shortages deepened. Cybersecurity budget growth slowed to 4% in 2025, down from 17% in 2022, even as attack volumes soared.

The response was the rise of the agentic SOC—AI-driven security operations capable of reasoning and acting at machine speed.

Elia Zaitsev explains:

“Security analysts are not going away—they’re being elevated by a fleet of agents that work at machine speed.”

Dhiraj Gupta, CTO & Co-founder of mFilterIt, adds:

“The next phase is moving from detection to prediction—addressing AI-generated fraud, synthetic engagement, and deepfake-driven brand misuse with greater foresight and control.”


The Bottom Line

2025 was the year cybersecurity crossed a point of no return. Attackers gained machine-speed capabilities. Legacy defenses failed. Trust became the ultimate currency.

For Indian CISOs, the message is unmistakable: human-paced security cannot defend machine-paced enterprises. The future belongs to organizations that can orchestrate AI-powered defense—without surrendering human judgment, accountability, and ethics.

As Adam Meyers puts it:

“The defenders who succeed will be those using AI with the same speed and precision as attackers.”

The remaining question is not whether transformation is necessary, but whether it will happen fast enough.
