As India becomes the world’s second-most-targeted nation for cyberattacks, the battleground has shifted from perimeter security to human preparedness. With AI-powered threats surging and potential losses expected to reach ₹20,000 crore this year, organizations are discovering that their most significant vulnerability—and most vigorous defense—lies in their workforce.
Country Head & Senior Director
Udemy
Vinay Pradhan, Country Head & Senior Director at Udemy, sits at the intersection of this transformation. With cybersecurity course consumption among Indian businesses growing 32% quarter-over-quarter, Pradhan has witnessed firsthand how enterprises are moving beyond compliance checkboxes to build genuine cyber resilience. In this conversation, he explores why every employee must become a defender, how AI serves as both weapon and shield, and what it takes to make cybersecurity learning stick in India’s rapidly digitizing economy.
CISO Forum: India is now the world’s second-most-targeted nation for cyberattacks. How do you see the cybersecurity skills gap evolving amid rising AI threats?
Vinay Pradhan: The rise of AI is fueling a sharp increase in both the volume and sophistication of cyberattacks. Nearly 60% of organizations in APAC encountered AI-powered cyberthreats over the past year. What’s most concerning is that even a single uninformed download can expose entire systems to risk through identity theft, social engineering, or data manipulation.
Across the region, many organizations acknowledge that breaches often stem from a lack of cybersecurity skills and training at all levels, revealing a deeper gap between technology adoption and workforce capability. In this era, building cyber resilience requires a shift in mindset. Organizations in India are increasingly building cybersecurity skills across the organization, not just in IT teams.
This shift is reflected in Udemy’s data, which shows a 32% quarter-over-quarter (QoQ) growth in cybersecurity course consumption among India-based Udemy Business users, outpacing the global learning consumption growth of 24%. The consumption of courses related to Responsible AI, Ethics & Gen AI, and cybersecurity tools such as CompTIA Security+ is seeing strong adoption, underscoring businesses’ growing commitment to cyber resilience amid evolving, sophisticated AI-driven cyber threats.
CISO Forum: Despite awareness programs, breaches persist. How can organizations make cybersecurity learning continuous and culture-driven rather than a one-time compliance effort?
Vinay Pradhan: On the one hand, cyber threats evolve daily, so a static approach can’t keep pace with dynamic risks. On the other hand, understaffed cybersecurity teams must keep up with changing threats. AI-powdered cybersecurity tools are evolving to establish a good line of defence. However, businesses must fill the knowledge gap among employees in leveraging these tools effectively so cybersecurity becomes a top priority across the organisation.
Businesses should retire legacy, compliance-driven approaches in favor of robust cybersecurity frameworks and learning initiatives that evolve with emerging technology. The most effective strategy lies in learning and development initiatives that are deeply embedded within workflows.
Organizations should integrate learning into the flow of work, where employees can apply knowledge in real time and stay alert to emerging scams and phishing tactics. Continuous learning must be refreshed frequently and tailored to roles across departments. When cybersecurity is integrated into everyday operations rather than isolated to once-a-year training, it becomes top of mind for employees and part of the organizational rhythm.
Culture change always begins when learning is personalized, relevant, and reinforced. Employees engage more actively when they understand how cybersecurity connects to their own roles and responsibilities. In this way, every employee becomes the first line of defense, safeguarding and equipping organizations from any impending cyber threats.
Organizations in India are already recognizing this and preparing their workforce and systems to be cyber-resilient. Among Udemy business users, there’s been a 54% QoQ increase in minutes spent learning AI Ethics and Governance. This focus on responsible AI demonstrates that Indian learners recognize that, as systems become more complex and depend on AI, privacy, security, safety, quality, and reliability will be the cornerstones for building trust in AI systems and deterring cyberattacks.
CISO Forum: AI powers both attacks and defense. How can upskilling help professionals use AI responsibly without widening the skills divide?
Vinay Pradhan: AI today acts as both the attacker and the defender. As Indian organizations lead the charge in AI adoption, there is an urgent need for a comprehensive skills development strategy that equips employees to use AI responsibly and as a force in defense against emerging cyber threats. Organizations should empower people with the right skills to understand AI’s potential, limitations, and implications.
Organizations can leverage skills acceleration platforms to create personalized learning experiences at scale, making the most of AI without compromising their safety or data. Since AI continues to evolve rapidly, learning content must be continuously updated, contextual, and rooted in real-world applications. This approach enables people to explore, experiment, and innovate with AI while keeping security and responsibility at the heart of every action.
CISO Forum: What role should leaders and L&D heads play in integrating cybersecurity learning into everyday work?
Vinay Pradhan: To make cybersecurity upskilling effective, L&D heads must carefully design and deploy initiatives that strengthen awareness of cybersecurity best practices. Employee engagement is key, and this requires thoughtful formulation: programs need to be hands-on, continuous, contextual, and tailored to each role, skill level, and expertise. Organizations can leverage skills acceleration platforms to ensure learning initiatives are experiential and aligned with broader business goals, thereby maximizing impact and ROI. Choosing the right partnerships and platforms is therefore essential, as they provide the flexibility needed to make cybersecurity learning a tangible, organization-wide capability.
CISO Forum: How can organizations extend cybersecurity awareness beyond IT to non-technical teams without overwhelming employees?
Vinay Pradhan: Given the sophisticated nature of today’s threats, the risk is higher than ever, with losses expected to reach a staggering ₹20,000 crore this year. Today, every employee, not just IT professionals, should have the knowledge and skills to identify, report, and take the necessary steps to defend against potential threats. That’s where effective cyber defense begins today. They should train every employee, integrating ongoing, role-specific learning into daily workflows. They can provide role-specific, bite-sized modules that employees can apply immediately. This way, cybersecurity awareness turns into an ongoing habit across the workforce. Moreover, it keeps staff engaged and aware without overwhelming them, making cybersecurity a shared responsibility across the organization.
CISO Forum: What innovations will shape the next era of cybersecurity training, and how is Udemy driving this change in India?
Vinay Pradhan: The next era of cybersecurity training will continue to revolve around personalization, immersion, and integration into everyday work. Organizations are adopting AI-driven learning, micro-credentials, and role-play-based programs to replace one-off training modules. These approaches make learning continuous and hands-on, enabling employees to build real-world skills against evolving threats.
In India, Udemy is driving this transformation. Through initiatives like the Team Plan and Enterprise Plan for businesses, cybersecurity-focused learning paths, native-language courses, skills-based analytics, and outcome-focused recommendations, Udemy helps organizations embed learning into daily workflows. The sustained growth in cybersecurity course consumption among India-based Udemy Business users stands as a strong testament to this impact.
Notably, the CompTIA Security+ (SY0-701) Complete Course & Practice Exam is the leading cybersecurity learning course on Udemy.
Udemy will continue to empower Indian enterprises to build a culture of proactive cybersecurity defense by offering personalized learning pathways, certification preparation, and relevant, multimodal content.
