A new survey by Infopercept Consulting highlights a critical blind spot in India’s enterprise cybersecurity landscape: 84% of Chief Information Security Officers (CISOs) lack complete visibility into their organization’s cyber exposures — from vulnerabilities and misconfigurations to human errors and counterfeit assets.
The “State of Threat Exposure Management: India CISO Survey Report (Jan–June 2025)”, based on responses from 500 CISOs across large Indian enterprises, reveals fragmented tools, unclear accountability, and slow remediation cycles — gaps that cyber adversaries are exploiting at speed.
“Cyber exposures are open doors for adversaries, and right now, Indian enterprises are leaving too many unlocked,” said Satyakam Acharya, Director of Exposure Management at Infopercept. “The real challenge is not just the growing number of exposures, but the lack of clarity, integration, and speed in addressing them.”
Key Findings
- Visibility Gaps: 84% lack full exposure visibility; 69% depend on siloed tools; only 11% use a unified risk platform.
- Rising Exposures: 83% saw a surge in known exposures over the past year; 66% miss timely remediation for more than half.
- Accountability Issues: 77% report unclear remediation ownership between IT, DevOps, and business units.
- Custom Applications as Top Threat: 87% name them the biggest concern, with fixes delayed by overburdened dev teams.
- Fragmented Risk View: 76% lack integrated visibility across internal, external, and control exposures.
- Flawed Prioritization: 74% say legacy models like CVSS fail to capture business impact, demanding context-driven risk scoring.
- Human Factor Risks: 61% flag Gen Z digital habits as new risks; 74% find traditional awareness programs ineffective.
Despite these challenges, just 19% of enterprises have a mature Continuous Threat Exposure Management (CTEM) program, even though 85% of CISOs believe CTEM adoption will significantly strengthen defenses by 2026.
“The gap between business priorities and security imperatives is widening,” said Purvang Raval, Assistant Vice President of Product Marketing at Infopercept. “Until exposure management becomes a continuous, business-aligned discipline, organizations will remain vulnerable to both known and emerging threats.”
The report concludes that without integrated tools, clearer accountability, and contextual prioritization, Indian enterprises will continue facing elevated risk from evolving cyber exposures.
