New CISO report reveals Indian organizations face rising risks from misconfigurations, vulnerabilities, and unremediated custom applications
AHMEDABAD, India, Aug. 7, 2025 — A newly released survey report by Infopercept Consulting has uncovered a critical cybersecurity gap in Indian enterprises: 84% of Chief Information Security Officers (CISOs) do not have full visibility into their organization’s cyber exposures—ranging from vulnerabilities and misconfigurations to human-related risks and counterfeit assets.
The report, titled “The State of Threat Exposure Management: India CISO Survey Report (Jan–June 2025),” presents the findings of 500 CISOs from large Indian enterprises and paints a concerning picture of fragmented exposure management, lack of remediation ownership, and increasing business risk.
“Cyber exposures are open doors for adversaries. And right now, Indian enterprises are leaving too many of those doors unlocked,” said Satyakam Acharya, Director of Exposure Management at Infopercept. “The problem is not just the growing number of exposures, but also how unclear ownership, disconnected tools, and manual processes delay remediation. Attackers are exploiting these weak links faster than ever.”
According to the survey, 83% of CISOs reported a sharp rise in known exposures over the past year, driven by larger attack surfaces, compliance audits, and continuous scanning. Yet 66% admitted they are unable to act on time for more than half of the exposures identified by their tools.
Other findings highlight widespread organizational challenges:
“The data points to an urgent need for a unified, business-aligned approach to exposure management,” said Purvang Raval, Assistant Vice President of Product Marketing at Infopercept. “From ineffective risk scoring models to Gen Z bringing in new human risks, the traditional methods no longer work. What’s alarming is that only 19% of organizations have a mature Continuous Threat Exposure Management (CTEM) program—even though 85% of CISOs believe CTEM is key to improving security posture by 2026.”
The survey also highlights the disconnect between business operations and security, with 66% of CISOs reporting resistance from business teams when recommending critical remediation actions. 48% noted that business risk tolerance often overrides technical risk severity.
Key Findings from the Survey
1. Visibility Gaps
2. Surge in Known Exposures
3. No Clear Ownership of Remediation
4. Custom Applications Pose the Greatest Risk
5. Fragmented View Across Exposure Vectors
6. Scoring Alone Is Not Enough
7. Human Risk from Gen Z Workforce
Top 7 Exposure Management Priorities for Indian CISOs (2025–26)
About the Survey
About Infopercept:
Infopercept is one of the fastest-growing platform led managed security services company from India, serving global clients in all areas of cybersecurity, including defensive, offensive, detection and response, and security compliance. Infopercept has its own cybersecurity platform, 'Invinsense,' which integrates tools such as SIEM, SOAR, EDR, deception, offensive security, and compliance tools. Its cybersecurity and MDR services include dedicated teams of experts, ensuring that organizations have 24x7 cybersecurity operations support. For more information, please visit www.infopercept.com