Rubrik, Securonix and Proofpoint reported shorter sale cycles, demand for additional disaster recovery locations and stronger digital ring fences, as the threat of phishing emails and cyberattacks has gone up manifold.
The volatile geopolitical scenario coupled with the recent spate of attacks on digital infrastructure during the West Asia conflict and the experience last year during the short India-Pakistan conflict have put Indian boardrooms on high alert.
“Sales cycles that were months long are now closing in weeks. That’s a real signal from the market. Organisations want to quickly finalise cyber disaster recovery solutions,” Bipul Sinha, chief executive of cloud management and data security firm Rubrik, said.
This is in sync with the Indian government’s renewed focus on its own cybersecurity preparedness and large Indian companies investing heavily in cyber security themselves. Also, with the Digital Personal Data Protection Act (DPDP) kicking in, anxious to plug potential data leakage points.
A FICCI-EY risk survey published in February this year found 64% of businesses reported geopolitical tensions were already disrupting decision-making. Geopolitical risk is no longer a one-off event, it is now a constant, said the report.
During last May’s India-Pakistan standoff, Indian banks reported millions of phishing attacks daily. On a normal day, that number is just a few hundred. Banking and telecom customers have been among the hardest hit, with phishing emails driving most of the attacks, said Ajay Biyani, VP of sales, APMEA, Securonix, a US-based security solutions provider.
India’s cybersecurity market stood at $5.5 billion in 2025, and is estimated to reach $6.5 billion in 2026 and $15 billion by 2031, according to market research platform Mordor Intelligence.
Keeping a firm focus on business continuity, Sinha of Rubrik said Indian organisations were increasingly honing in on defining and securing their ‘Minimum Viable Business,’ a core set of services, required to keep operations running during a crisis.
Also Read: Indian companies turn to outsourced cybersecurity to bridge talent gap
Firms expand operations
Securonix opened a second disaster recovery site in Hyderabad earlier this year, adding to its facility in Mumbai. “Disaster recovery has become a top-of-mind discussion for enterprises,” said Biyani.
Enterprise customers and third-party cybersecurity outsourcing companies are concerned about security after such events, said the firms.
Biyani explained that large corporations are seeking answers to questions like what if an entire data centre goes down, is there a backup? The UAE attack showed why that fear is valid. With only one zone operational, workloads had to be moved, some to Ireland, some to India.
“We have been working on cyber resilience non-stop for the last three quarters,” he said.
US-headquartered Proofpoint built a local data centre, live from the third quarter of 2025. The company’s India Centre of Excellence (CoE) in Pune now has over 400 employees across product development, customer support, and technical services, according to Bikramdeep Singh, India country manager, Proofpoint.
Regulators on high alert
The 2024 global IT outage and the Suez Canal blockage also pushed regulators into action. Following those disruptions, the country’s central bank (RBI) mandated stronger resilience practices and impact tolerance thresholds, said technology entrepreneur Pradeep A.
“Our government has increased the cybersecurity budget significantly, but the private sector must move faster. Investment in cloud security, AI-powered threat detection, and distributed resilience is no longer discretionary,” he added.
Demand is only set to grow with the DPDP Act also coming into force, industry experts said. It regulates how organisations collect, protect, and respond to risks involving personal data. Full compliance is expected by May 2027.
“It is no longer enough to know where systems are hosted. Enterprises need to know where sensitive data resides, who can access it, how it moves across email, cloud, SaaS and endpoint environments, and whether it is being exposed through employees, insiders, third parties or AI tools,” said Proofpoint’s Singh.
AI adoption increases the scale and complexity of data exposure, he added. “AI systems need data to function, but that also means they may access, process or summarise sensitive information in ways that are difficult for security teams to monitor if governance is weak.”