Surging demand for cybersecurity professionals in India has led to a supply gap of as much as 30-50% for roles such as cloud security, architecture, and zero trust.
There are currently around 25,000 to 30,000 active openings for cybersecurity roles across IT, global capability centres (GCCs), and other enterprises in the country, a nearly 30% rise from 2023, and more than doubling since 2021, showed data from Teamlease Digital.
Companies are, however, struggling to fill these positions, as the need for cybersecurity scales across industries, and not just within the IT industry. The supply crunch has only worsened with the growing adoption of artificial intelligence.
"Be it a tech service company or a retail or quick commerce one, everyone is working with Agentic AI or GenAI, where the data consumption is massive," said Neeti Sharma, chief executive of Teamlease Digital. "GCCs have only increased this complexity. To support this expansion, we need experienced people which we don't have too many of."
The talent shortage is acute at the mid-senior level, particularly for roles such as security architects, cloud security engineers, incident response experts, and specialists in AI-linked security, where the supply-demand gap has reached as high as 45% to 60% for some skills.
Entry-level roles in security operations centres can be staffed more easily, but most companies now require professionals with hands-on, cross-functional skills, which are scarce in the market. "For instance, to find a pen tester, it takes a lot of time. Not that there aren't enough CEH-certified (ethical hackers) professionals, but not everyone will make a good pen tester," said Murali Rao, partner and leader of cybersecurity consulting at EY India. Pen testers run authorised simulated cyberattacks on systems to find their vulnerabilities.
A survey of 250 cybersecurity professionals across India by ISACA, a global professional association advancing trust in technology, found nearly 56% of respondents lacked key soft skills like critical thinking or problem-solving skills. "Security is an attitude. It is more about curiosity to solve a problem that needs to be inherent. And that can't just be taught," Rao said.
The pay scales reflect the ongoing competition for talent. While entry-level security operation centre (SOC) analysts earn around ₹4-8 lakh per year, mid-senior cloud security engineers and application security professionals are typically paid ₹12-35 lakh. "Premiums for cybersecurity roles-especially in Zero Trust architecture, incident response, and AI/ML security-are estimated at 30%-60% higher than comparable engineering jobs," Sharma said.
There are currently around 25,000 to 30,000 active openings for cybersecurity roles across IT, global capability centres (GCCs), and other enterprises in the country, a nearly 30% rise from 2023, and more than doubling since 2021, showed data from Teamlease Digital.
Companies are, however, struggling to fill these positions, as the need for cybersecurity scales across industries, and not just within the IT industry. The supply crunch has only worsened with the growing adoption of artificial intelligence.
"Be it a tech service company or a retail or quick commerce one, everyone is working with Agentic AI or GenAI, where the data consumption is massive," said Neeti Sharma, chief executive of Teamlease Digital. "GCCs have only increased this complexity. To support this expansion, we need experienced people which we don't have too many of."
The talent shortage is acute at the mid-senior level, particularly for roles such as security architects, cloud security engineers, incident response experts, and specialists in AI-linked security, where the supply-demand gap has reached as high as 45% to 60% for some skills.
Entry-level roles in security operations centres can be staffed more easily, but most companies now require professionals with hands-on, cross-functional skills, which are scarce in the market. "For instance, to find a pen tester, it takes a lot of time. Not that there aren't enough CEH-certified (ethical hackers) professionals, but not everyone will make a good pen tester," said Murali Rao, partner and leader of cybersecurity consulting at EY India. Pen testers run authorised simulated cyberattacks on systems to find their vulnerabilities.
A survey of 250 cybersecurity professionals across India by ISACA, a global professional association advancing trust in technology, found nearly 56% of respondents lacked key soft skills like critical thinking or problem-solving skills. "Security is an attitude. It is more about curiosity to solve a problem that needs to be inherent. And that can't just be taught," Rao said.
The pay scales reflect the ongoing competition for talent. While entry-level security operation centre (SOC) analysts earn around ₹4-8 lakh per year, mid-senior cloud security engineers and application security professionals are typically paid ₹12-35 lakh. "Premiums for cybersecurity roles-especially in Zero Trust architecture, incident response, and AI/ML security-are estimated at 30%-60% higher than comparable engineering jobs," Sharma said.
