Zoho Corp released a report stating that 93% of Indian businesses believe AI will enhance their security measures, yet most lack essential guardrails, and one in three have not even implemented a Zero Trust framework.
The findings were revealed in State of Workforce Password Security Report 2026, a global study conducted by Tigon Advisory Corp. on behalf of Zoho Vault, a password management platform. The report was unveiled ahead of World Password Day, which is being celebrated globally on May 7.
"As AI becomes an integral tool at work, organisations need to guard against the new threats emerging in the workplace security landscape. While Indian businesses are keen to adopt AI, they still have blind spots, namely lack of Zero Trust, lack of visibility into their critical systems, and threats from internal sources. This reflects an urgent need for stronger protection within the perimeter. The survey shows clearly that an AI 'bandaid' on these structural gaps will make the situation worse in the long-term. Businesses need sturdier foundations with strong credential management, access controls, and multi-factor authentication," said Chandramouli Dorai, Chief Evangelist, Cyber Solutions & Digital Signatures, Zoho Corp.
AI ambition and adoption in the Indian security landscape
Nearly all respondents (93%) expressed enthusiasm for AI adoption to strengthen their security landscape, and 91% signalled an increase in security budgets in the next five years. Additionally, nearly 29% of Indian employees use more than 10 business applications daily, each representing a credential that must be governed and secured.
Interestingly, one in three organisations lacked a Zero Trust security strategy altogether, a significant vulnerability when AI integration expands the attack surface. Furthermore, 34% reported only partial visibility and control across critical business identities, meaning a substantial share of organisations are moving toward AI-driven operations while still operating with blind spots in who can access what in their systems.
Despite these gaps, 98% of Indian organisations say they are very likely to deploy AI-driven security tools. When asked to identify their top AI priorities in cybersecurity, real-time threat detection and response led at 76%, followed by user behaviour analytics (56%) and risk-based access control automation (55%). The concentration on visibility and response highlights that existing tools are not keeping pace, yet the building blocks those tools depend on, including strong credential management, remain the least adopted measures in practice.
AI ambition and adoption in the Indian security landscape
Nearly all respondents (93%) expressed enthusiasm for AI adoption to strengthen their security landscape, and 91% signalled an increase in security budgets in the next five years. Additionally, nearly 29% of Indian employees use more than 10 business applications daily, each representing a credential that must be governed and secured.
Interestingly, one in three organisations lacked a Zero Trust security strategy altogether, a significant vulnerability when AI integration expands the attack surface. Furthermore, 34% reported only partial visibility and control across critical business identities, meaning a substantial share of organisations are moving toward AI-driven operations while still operating with blind spots in who can access what in their systems.
Despite these gaps, 98% of Indian organisations say they are very likely to deploy AI-driven security tools. When asked to identify their top AI priorities in cybersecurity, real-time threat detection and response led at 76%, followed by user behaviour analytics (56%) and risk-based access control automation (55%). The concentration on visibility and response highlights that existing tools are not keeping pace, yet the building blocks those tools depend on, including strong credential management, remain the least adopted measures in practice.
State of Zero Trust in India
As per the study, 87% of respondents described their security stack as future-ready; among those who did not, 51% pointed to legacy IT infrastructure as the primary barrier. Similarly, 85% expressed optimism about adopting a Zero Trust strategy within three years. The gap between confidence in future readiness and actual infrastructure capabilities highlights the need for investment in upgrading IT environments to support evolving security demands.
Almost half (47%) of the Indian respondents reported being hit by an attack, and 91% believed they had the tools to respond to these attacks. From those who were attacked, 47% rely on real-time threat detection and mitigation, only 25% have implemented strong password policies and MFA, just 9% have prioritised access management and access control, and endpoint security adoption sits at 16%. This imbalance leaves critical gaps across identity and device layers, making it significantly easier for threats, especially those originating internally, to bypass detection and escalate into larger breaches.
Top threats in India
The threat landscape facing Indian organisations underscores the urgency of closing these security gaps. Malicious insiders ranked as the single biggest threat at 23%, ahead of ransomware, and human error at 18% each. Highlighting that, alarmingly, risks for Indian businesses are coming from within the organisations. Therefore, there is a critical need for increasing internal guardrails, from strengthening access management to implementing Zero Trust practices across the organisation.
Compounding this, Indian businesses identified the top three pressing challenges as keeping up with evolving threats (30%), the cost of security solutions (22%), and a shortage of security expertise (16%). These barriers do not exist independently and reinforce each other. Businesses need solutions that solve their security blind spots, while evolving to meet the dynamic threat landscape. Additionally, upskilling security teams equips organisations to better deploy and optimise the solutions they already have, while structured employee awareness programmes will help mitigate the human error and insider risk that technical controls alone cannot eliminate.
Methodology
The State of Workforce Password Security 2026 was conducted by Tigon Advisory Corp. and sponsored by Zoho Vault. The survey captured responses from 3,322 verified professionals globally, across nine regions (USA, India, UK & EU, Canada, MEA, ANZ, Japan, China, and broader APAC), six industries (Financial Services, Healthcare, Technology, Government, Education, and Other), and twelve roles ranging from executive leadership to IT, HR, finance, and operations. India is the largest single-country sample in the study, with around 400 respondents, from the mid-large enterprise segment.
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram