India's Quantum Cybersecurity Crisis: Why 40% of Firms Remain Unprepared

India needs urgent quantum-ready cybersecurity as organisations continue to lag: PwC

New Delhi, November 18

The report stated that shifting to quantum-resilient security is no longer optional but a strategic necessity for organisations handling large volumes of sensitive data.

It stated "As India races ahead in its digital transformation, quantum computing is emerging not just as a technological marvel but as a looming cybersecurity frontier.... The future of cybersecurity will be defined by those who prepare today for the quantum realities of tomorrow."

According to PwC, the rapid growth of digital infrastructure, cloud adoption and (Artificial Intelligence) AI-based systems has made data sovereignty and cyber resilience key national priorities.

The report stressed that companies must move beyond awareness and begin taking concrete steps to prepare for a post-quantum world.

It recommends that organisations elevate post-quantum cryptography to a board-level agenda, build internal expertise on quantum risks, and create multi-year roadmaps to transition their systems gradually.

Awareness around quantum risks is rising, the report noted, with quantum computing now ranking among the top three threats that organisations feel least prepared to tackle.

However, this concern is not translating fast enough into action. The report finds that 40 per cent of Indian organisations have not started implementing any quantum-resistant security measures.

At the same time, only 5 per cent of security leaders have included quantum readiness among their top three budget priorities for the coming financial year.

The report also highlighted how artificial intelligence is reshaping India's cybersecurity priorities. AI is now the top area of investment for Indian organisations, especially for closing capability and talent gaps.

According to PwC, organisations are beginning to move from analytical AI to agentic AI--autonomous, goal-driven systems capable of acting with limited human involvement.

Security leaders plan to deploy agentic AI across cloud security, data protection, cyber defence, and security operations. These systems are expected to improve triage speed and reduce response times, helping organisations achieve adaptive resilience at scale.

However, hesitation remains in high-risk areas such as DevSecOps and identity access management (IAM).

The report stated this is due to the high stakes involved in automated patching and access provisioning, where errors can lead to outages or major security lapses.

The report further noted that India's DPDP Act will accelerate improvements in data governance and data hygiene. Companies are expected to invest more in data minimisation, accuracy and responsible AI practices as they comply with new privacy norms.

The report called on organisations to prioritise AI-driven threat detection, speed up the adoption of agentic AI, embed responsible AI principles, strengthen enterprise-wide data governance, and build AI-native cybersecurity talent to stay ahead of emerging risks.

— ANI