A New Era of AI-Driven Threats
India’s corporate sector is facing an unprecedented wave of AI-powered cyberattacks, according to the Thales 2026 Data Threat Report, compiled in partnership with S&P Global 451 Research. A striking 65% of organisations in India have already experienced deepfake-driven attacks, while 64% rank AI-enabled threats as their single biggest data security risk. This figure reflects just how dramatically the threat landscape has shifted.
Deepfakes and Misinformation Are Weaponising Identity
Attackers are no longer relying solely on technical exploits. AI-generated deepfakes and misinformation campaigns are now actively undermining enterprise security at scale. Approximately 55% of Indian organisations report reputational damage linked to AI-generated impersonation campaigns — a consequence that extends well beyond data loss.
Credential theft has emerged as the dominant attack method against cloud infrastructure, with 68% of organisations in India reporting cloud-based incidents. As AI systems are granted broad, automated access to enterprise data — often with fewer guardrails than human users — compromised credentials now carry far greater consequences.
The Visibility Problem Nobody Is Solving
Perhaps most alarming is how little organisations actually know about their own data. Only 35% of Indian organisations know where all their data resides, and just 36% can fully classify it. Meanwhile, nearly half of sensitive cloud data worldwide remains entirely unencrypted.
“When identity governance, access policies, or encryption frameworks are weak, AI can amplify those weaknesses across corporate environments far faster than any human ever could,” warned Ankur Kanaglekar, Vice President – India, Thales.
Investment Is Growing — But Dangerously Slowly
While 30% of Indian organisations now allocate dedicated budgets for AI security, the majority — 53% — still rely on traditional security programs designed for a pre-AI world. Human error already contributes to 26% of breaches in India, and with automation layered on top, even minor mistakes can cascade rapidly.
Eric Hanselman, Chief Analyst at S&P Global 451 Research, put it plainly: organisations must treat data security as foundational to innovation — not an afterthought.
The message from the report is unambiguous: AI is not a future threat. It is already inside the perimeter.
