90% of Indian Firms Plan to Hire Digital Identity, Security Specialists in the Next Year: Report

New research from Rubrik Zero Labs uncovers a troubling gap between the expanding identity attack surface and organizations’ ability to recover from resulting compromises. The AI wave is translating into an increase of AI agents in the workplace, which equates to a surge of both non-human identities (NHIs) and agentic identities. This is resulting in an urgent focus for CIOs and CISOs on identity threats and recovery. The report – Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats – shows that as AI adoption expands across organizations worldwide, enterprises are taking decisive action to strengthen identity resilience.

"Attackers are now frequently targeting both human and non-human identities. It's the fastest route to critical systems and data, fundamentally changing the face of Indian cyber defense," said Ashish Gupta, Managing Director, India & Head of Engineering at Rubrik. "For Indian organizations, which manage complex hybrid environments involving multiple identity providers (Active Directory, cloud IdPs, SaaS, and NHIs), this complexity creates numerous failure points. Identity systems and data are the two assets attackers most often exploit. Therefore, going beyond prevention, the key to true resilience is ensuring the rapid protection and recovery of both."

"I could have unlimited amounts of technology in place. But if someone socially engineers our support desk to hand over admin passwords, that's the end of the game," said Andrew Albrech, Chief Information Security Officer at Domino’s. "That's why identity resilience is key."

Agentic AI Opens the Door to New Identity Challenges

As organizations integrate agents into their workflows, NHIs will continue to outpace the growth of human identities. In fact, industry reports contend that NHIs now outnumber human users by 82-1. Securing NHIs will become as essential – if not more – as securing human identities, given the growing complexity of managing AI agent operations.

Rubrik’s research found that:

• 86% of respondents have fully or partially incorporated AI agents into their identity infrastructure, and an additional 12% have plans to.

• Over half of IT security decision makers (56%) estimate that in the next year, 30% or more of the cyberattacks they deal with will be driven by agentic AI.

Weakening Confidence in Recovery Strategies Highlights Need for Identity Resilience

Identities are the keys to access an organization’s most sensitive data. Therefore, IT and security leaders must build resilient identity services and infrastructures to ensure a quick recovery and restoration of operations in the face of an attack.

However, overall confidence in recovery times is declining.

Rubrik’s research finds that:

• In 2025, only 32% of India respondents believed they could fully recover from a cyber incident in 12 hours or less.

• 34% of Indian organizations believe that it would take more than 2 days to recover and achieve full-service operations post identity-based attack

• 79% of Indian organizations experienced a ransomware attack in the past year, 91% paid a ransom to recover their data or stop the attack.

 

Organizational concern over the state of identity security is valid, and IAM tools alone are not enough to properly address these challenges. CIOs and CISOs need a comprehensive identity resilience strategy for when, not if, an attack strikes.

Globally, 90% of Leaders Cite Identity Attacks as Top Concern.

● Globally, 89% of organizations plan to hire professionals within the next 12 months specifically to manage or improve identity management, infrastructure, and security.

● 87% of IT and security leaders actively plan to change Identity and Access Management (IAM) providers or have already begun the process.

● 58% cite security concerns as the primary driver to switch IAM providers.

"The rise of identity-driven attacks is changing the face of cyber defense," said Kavitha Mariappan, Chief Transformation Officer at Rubrik. "Managing identities in the era of AI has become a complex endeavor, especially with the labyrinth of NHIs. We have an under-the-radar crisis on our hands where a single compromised credential can grant full access to an organization's most sensitive data. Attackers are no longer breaking in, but logging in, and comprehensive Identity Resilience is absolutely critical to cyber recovery in this new landscape."