Davos warning: Why cyber insecurity now outranks war for India

Mumbai: As world leaders and industry leaders converge in Davos for their annual meeting, two pivotal reports released by the World Economic Forum—Global Risks Report 2026 and Global Cybersecurity Outlook 2026—reveal converging narratives about our collective vulnerability; while the former identifies geoeconomic confrontation as top global threat, the latter designates cyber insecurity as India’s most severe risk for year ahead, surpassing even income inequality, inadequate public services, economic downturn, and spectre of armed conflict.

This stark assessment should serve as wake-up call for policymakers who have long viewed cybersecurity as technical domain rather than strategic imperative; does it not reflect fundamental shift in how national security, economic stability, and public trust intersect in increasingly digitized society? Like fractals revealing self-similar patterns at different scales, same vulnerability emerges across micro and macro levels—from individual data breaches to systemic infrastructure collapse.

The elevation of cyber insecurity to India’s top threat position represents more than another warning from international body; it mirrors dangerous dance between ambition and vulnerability as we accelerate digital transformation through initiatives spanning financial inclusion, healthcare delivery, and governance modernization. Every new digital service, every connected device, every cloud-based system introduces potential vulnerabilities that adversaries—both state and non-state actors—are increasingly sophisticated at exploiting; timing of this assessment is particularly significant as India stands at critical juncture where digital infrastructure underpins everything from electoral processes to critical utilities, from banking systems to defence communications. The entropy of our digital expansion seems inversely proportional to our security preparedness, creating system that grows more complex yet increasingly fragile.

What makes the current threat landscape particularly challenging is role of artificial intelligence in amplifying both offensive and defensive capabilities; the WEF’s Global Cybersecurity Outlook 2026 reveals that 87% of cybersecurity leaders globally report increased AI-related threats, with 94% expecting AI to be most consequential force shaping cybersecurity this year. For Indian policymakers, this represents dual challenge: harnessing AI’s potential for economic growth and governance efficiency while simultaneously defending against AI-enabled attacks that can adapt, learn, and scale at unprecedented speeds. The paradox of our technological evolution mirrors quantum observation problem—measuring security changes its very nature, attempting to secure AI transforms it into something else.

The nature of AI-driven threats extends far beyond traditional malware or phishing campaigns; advanced AI systems can now generate deepfakes sophisticated enough to impersonate government officials, automate reconnaissance of critical infrastructure vulnerabilities, and craft highly personalized social engineering attacks that bypass conventional security awareness training. During election cycles, AI-generated misinformation can be deployed at scale to influence public opinion, undermine institutional credibility, and polarize communities—concerns that resonate deeply in world’s largest democracy. These digital spectres haunt our collective consciousness, eroding very foundation of informed consent that democratic processes depend upon.

Indian organizations have responded by doubling their AI security assessments from 37% to 64%, with 77% now adopting AI for cybersecurity purposes; these deployments focus primarily on phishing detection, intrusion and anomaly response, and user-behaviour analytics. However, gap between adoption and effectiveness remains concerning; leading cybersecurity concerns include data leaks linked to generative AI, reported by 34% of organizations, and advancing adversarial capabilities, cited by 29%. These figures suggest that while Indian entities recognize threat, translating awareness into robust defences remains work in progress—a pattern repeated across technological revolutions where understanding precedes mastery by generations.

The WEF reports identify geopolitics as top factor influencing cyber risk mitigation strategies in 2026, with 64% of organizations globally accounting for geopolitically motivated cyberattacks such as critical infrastructure disruption and espionage; for India, positioned at confluence of competing global powers and regional tensions, this finding carries particular weight. Cyber operations have become preferred tool of statecraft for adversaries seeking to test boundaries without triggering conventional military responses; why risk confrontation when cyber operations can achieve similar objectives with plausible deniability and minimal cost? The asymmetry of digital warfare creates new calculus where smallest actor can inflict disproportionate damage.

Indian business and technology leaders have responded by elevating cyber risk investment to top-three strategic priority at 72%—significantly higher than global average of 60%; this heightened awareness reflects not just commercial considerations but recognition that cybersecurity has become integral to national resilience. When 91% of world’s largest organizations have changed their cybersecurity strategies due to geopolitical volatility—up from 59% previously—it signals fundamental recalibration of threat perceptions. Yet this reactivity only underscores how we remain reactive rather than proactive in our security posture, always responding to last attack while preparing for next.

Yet investment alone cannot address structural vulnerabilities; confidence in national cyber preparedness continues to erode globally, with 31% of survey respondents reporting low confidence in their nation’s ability to respond to major cyber incidents, up from 26% last year. While some regions like Middle East and North Africa show 84% confidence, these regional variations highlight how institutional maturity, resource allocation, and political will determine readiness levels. Like different quantum states existing simultaneously, our preparedness exists in superposition—both adequate and inadequate until measured by actual crisis.

Quantum computing presents complex challenge—promising revolutionary advances while threatening current encryption standards; captured communications today could be decrypted within decade, exposing state secrets and diplomatic exchanges. Despite ranking among top three threats, 40% of Indian organizations haven’t considered quantum-resistant measures, with only five% prioritizing them in budgets; yet 33% test solutions, suggesting awareness but insufficient urgency. Policy requires immediate long-term planning—transitioning to post-quantum cryptography across multiple layers from code to hardware, creating interdependent transformations that must coordinate perfectly in this temporal vulnerability where present actions become future liabilities.

WEF identifies cyber fraud as pervasive global threat; 73% report personal or known victimization in 2025, indicating crisis of public trust undermining digital governance. Trust erosion represents deeper vulnerability than technical breaches, attacking social contract enabling digital transformation; when citizens lose confidence in platforms, vulnerable populations retreat from engagement, creating vicious cycle where technology without trust becomes exclusionary tool rather than inclusive instrument.

WEF research identifies third-party breaches as India’s top unaddressed risk; 18% of business leaders rank them least prepared threat due to limited vendor visibility and fragmented governance. The distributed nature of modern software creates dependency webs where single compromise cascades through systems; complexity renders comprehensive mapping impossible, with vulnerabilities emerging from component interactions no single entity fully comprehends—emergent properties in digital ecosystems.

The WEF’s designation of cyber insecurity as India’s top threat for 2026 demands fundamental rethinking; 60% of Indian organizations now spend more on prevention, yet barriers—limited awareness, resource constraints, talent shortages, competing demands—require structured action. The challenge transcends technical solutions to encompass institutional evolution; structures must adapt faster than threats emerge.

Policy response must operate simultaneously at multiple levels: strategic elevation to cabinet priority with clear accountability and cross-ministerial authority; operational modernization of security centres, threat intelligence, and incident response teams with competitive compensation; systemic development of comprehensive national strategy addressing critical infrastructure protection, public-private information sharing, international cooperation, and domestic capabilities spanning education, research, and industry. Cyber resilience cannot be approached as mere technical function but strategic requirement underpinning economic stability, national security, and public trust; we must develop collective awareness transcending organizational and national boundaries.

Threats accelerate while response window narrows; quantum computers advance, AI grows sophisticated, geopolitical tensions intensify, adversaries accumulate knowledge of vulnerabilities. The question is not whether to act but whether pace and scale match magnitude; answer determines whether India’s digital future represents opportunity or vulnerability—a choice between enlightenment and entropy in our technological evolution.

• Brijesh Singh is a senior IPS officer and an author (@ brijeshbsingh on X). His latest book on ancient India, “The Cloud Chariot” (Penguin) is out on stands. Views are personal.