Vishal Salvi, chief executive of domestic cybersecurity firm Quick Heal Technologies, told Mint that on an average, “AI has the potential to reduce the manpower cost for a cybersecurity company by 30-40%. While the impact of this decrease in cost is not a 1:1 affair, in the long run, AI is undeniably accelerating the drop in per-unit cost of cybersecurity software as it grows at scale.”
Businesses are already seeing the benefits of this. Karon Shaiva, managing director of Mumbai-based MSME Idobro Impact Solutions, said, “For small companies, the cybersecurity outlay is less than 1% of net expenditure, but this is also a factor of the cost of security services scaling down. This has happened thanks to AI helping scale costs.”
This, Shaiva added, is because “it becomes very difficult for small enterprises to bear the financial, operational and reputational loss in the case of a cyberattack.”
Such a disruption became apparent in July. A faulty update from content distributor CrowdStrike led to widespread outage of IT hardware, highlighting the need for even small businesses to have managed cyber service partners.
In August, a Gartner report projected cyber expenditure in India to rise 17%—up to $3.4 billion next year, from $2.9 billion this year. Managed cybersecurity providers, which are leveraging AI to reduce costs, are expected to grow 42% in India.
Managing costs
To be sure, cybersecurity firms have always used AI to track new vulnerabilities and automate services. Managed service providers, which businesses outsource their cybersecurity operations to, were so far expensive since cybersecurity engineers are expensive resources. Adopting AI and automation in services such as alerting threats is now helping scale this cost, which is key for cost-aware micro, small and medium enterprises (MSMEs).
This is important, because MSMEs are key vendors and suppliers to India’s industrial conglomerates. Akshat Jain, cofounder and chief technology officer of cybersecurity firm Cyware, said, “Large enterprises typically engage with hundreds of suppliers and vendors who have approved access to their systems, making MSMEs security-critical to safeguarding the broader ecosystem. Protecting MSMEs is not just about their own resilience—it’s also about preventing potential compromises that could cascade into the larger enterprises.”
Apurva Gopinath, deputy vice-president of risk management, insurance and consulting firm Aon, further added that select industries could be more sensitive than others. “BFSI faces stringent regulations, while healthcare, due to rapid digitization, is yet another key industry where cybersecurity adoption is growing fast,” she said.
Using cybersecurity for MSMEs
Initial uptake, as a result of reduced costs, is ramping up. Ravindra Baviskar, director of sales engineering at UK-headquartered cybersecurity firm Sophos, said that MSMEs are “implementing firewalls, adopting endpoint protection tools, and having regular hygiene checks to meet industry standards.”
“The adoption of cybersecurity platforms among MSMEs may not be to the extent of larger enterprises, but they are at least outsourcing the bare minimum today. After all, cyberattacks target each and every size of companies,” he added.
The AI-powered adoption affordability of cybersecurity is a global trend, too. IBM’s annual ‘Cost of a data breach’ report from July said that organizations adopting AI in cyber security saved $2.2 million annually versus those that didn’t.
Lalit Kalra, partner, cybersecurity at consultancy firm EY India, concurred with IBM’s findings. “The price reduction of cybersecurity services, with the help of AI, depends on specific solutions. Organizations that traditionally spend upwards of $500,000 ( ₹4 crore) per year on governance, risk, and compliance see a 70% reduction in this cost, when they opt for platforms that let users choose services that they require,” he said.
On overall terms, Kalra, who consults multiple enterprises on cybersecurity best practices, said that MSMEs have increased their cybersecurity spends by 60% this year, over 2023.
Alongside cost, AI is also helping businesses respond to breaches faster. “Organizations that employed security AI and automation extensively detected and contained an incident, on average, 98 days faster than organizations not using these technologies,” IBM’s report said.
Explaining why AI is having this impact on accessibility of cybersecurity for small businesses, Katya Ivanova, chief sales officer of Switzerland-headquartered cybersecurity firm Acronis, said, “Instead of having an engineer who will analyze the logs, understand the cyber threat and provide a solution, AI would automatically do it. It provides a summary of the threat in the form of a report, and also compiles common data for future reference.”