From Data to Defense: Inside Kaspersky’s Five Expertise Centres – and India’s 2026 Cyberthreat Matrix

As cyberattacks grow sharper, faster and more automated, Indian enterprises are entering what Kaspersky calls the “year of the compressed enterprise” – squeezed between AI-assisted attacks, industrial-scale ransomware and fragile digital supply chains. At the heart of the company’s response are five global Expertise Centres and a newly released India Cyberthreat Matrix for 2026, developed within one of the Centres, Kaspersky’s Global Research and Analysis Team (GReAT), which maps how these forces will collide in the year ahead.
In an exclusive interaction with ETCISO, Jaydeep Singh, General Manager for India, Kaspersky, explains how the Expertise Centres turn raw telemetry into defense, why AI and ransomware will dominate India’s risk conversations in 2026, and what CISOs must change in their strategy if they want to build true Cyber Immunity instead of just a higher perimeter wall.
What follows are edited excerpts from the conversation.
“Our five Expertise Centres are effectively Kaspersky’s cyber-defence engine”
ETCISO: Kaspersky is talking a lot about its five Expertise Centres. Can you walk us through what they are and why they matter to Indian enterprises?
Jaydeep Singh: The simplest way to think about them is that they are five specialised engines powering one global defence system.
We have GReAT – the Global Research and Analysis Team – which hunts the most sophisticated APTs, cyber-espionage campaigns and long-running operations. Then there is the Threat Research Centre, which, while studying carefully the inner workings of APTs, is also at the front line of daily malware, ransomware, phishing and spam. Together, these two are constantly watching how attackers evolve – whether it’s a brand-new ransomware family, a fresh phishing kit or a never-seen-before loader.
The third is our AI Technology Research Centre, which brings together data scientists, ML engineers and threat experts. Its job is twofold: using AI to improve detection and triage at scale, and defending AI systems themselves from adversarial attacks and abuse.
The Security Services Centre is where expertise translates into practice in the most direct manner – through Managed Detection and Response (MDR), Incident Response (IR), Compromise Assessments, Attack Surface Monitoring and Digital Footprint Intelligence. When our experts step into a breach, they bring the full weight of Kaspersky Threat Intelligence with them.
And finally, there is ICS CERT, which focuses on automation systems and industrial environments – OT networks, SCADA and other similar systems in such critical areas as oil and gas, energy, manufacturing, transportation, etc. Industrial infrastructures have very different constraints and, frankly, very different stakes. ICS CERT is specialised in OT threat analysis and vulnerability research so that factories, plants and utilities can modernise without becoming easy targets.
For customers in India, the value is that every alert, every detection and every advisory you see is backed by this combined engine, not by one isolated team sitting in a silo.
“2026 will compress enterprises between AI-driven threats and commoditised cybercrime”
ETCISO: GReAT has just released a forecast for 2026, calling out India’s cyberthreat matrix. What is the big message for security leaders here?
Jaydeep Singh: Our colleague Saurabh Sharma from GReAT uses a phrase that I really like: 2026 will be the year of the compressed enterprise. Enterprises are squeezed from both sides – on one side you have AI-assisted, highly automated attacks, and on the other you have the democratisation of cybercrime through models like ransomware-as-a-service.
On the AI side, we’re not just talking about better phishing emails. We are seeing malicious use of generative AI to create realistic voice clones, deepfake videos, social-engineering chatbots and fully automated reconnaissance pipelines. Then you have attacks against AI itself – evasion, poisoning or model extraction aimed at the AI systems enterprises are deploying, or the security controls that rely on ML.
This is where the concept of Dark AI comes in: local or remote deployment of non-restricted large language models specifically for malicious purposes, outside any governance or safety net. Black-hat GPTs like WormGPT or FraudGPT are not fiction; they lower the skill threshold for highly convincing, multi-channel social engineering.
Parallel to that, the ransomware-as-a-service (RaaS) economy keeps maturing. Platforms like RansomHub essentially franchise cybercrime. For India, we see IT, BFSI, manufacturing and healthcare repeatedly in the firing line. With AI tools increasingly used to improve ransomware code and operations, this shifts ransomware from a targeted assault by a few groups to a mass-market commodity that even low-skill actors can run.
Add to this the crypto ecosystem as a new attack frontier, the explosion of cloud and SaaS misconfigurations, the sharp growth in third-party and supply-chain intrusions, persistent APT activity against India, and more sophisticated phishing and Business Email Compromise (BEC), and you have a very crowded threat matrix. Our view is that in 2026, doing “more of the same” will simply not be enough.
Linking the forecast to the five centres
ETCISO: How do these 2026 trends map back to the Expertise Centres you spoke about?
Jaydeep Singh: The forecast is not a standalone document. It is almost like a workplan for the Expertise Centres.
When GReAT and Threat Research tell us AI-driven attacks are rising, the AI Technology Research Centre doubles down on AI-based detection, on using LLMs to analyse logs and links, and on researching attacks against AI systems themselves. That’s how we make sure the technology inside our products and services doesn’t stay static while attackers are experimenting with Dark AI.
When the forecast calls out RaaS as a dominant model, the Threat Research teams track new ransomware strains and affiliate structures, GReAT connects the dots with larger campaigns, and the Security Services Centre adds some missing bits found during actual investigation – and then bakes the distilled knowledge from all the findings into MDR runbooks and incident playbooks. So the next time a similar intrusion pattern appears in a SOC in India, our teams recognise it faster and respond more surgically.
For crypto-related attacks and supply-chain compromises, including malicious packages in open-source repositories, GReAT leads deep-dive investigations while Threat Research keeps updating detection logic. We’ve already seen how a single compromised component – think of the Polyfill.io incident or backdoored libraries – can impact thousands of websites or systems at once. That reality is built into our threat hunting and advisory work.
On the APT front, India remains among the most targeted countries, with groups like Lazarus, Sidewinder and Transparent Tribe very active. GReAT profiles these actors, tracks their campaigns, and works closely with ICS CERT when those tactics start spilling into OT and critical infrastructure. For a large Indian manufacturer or utility customer, this linkage between APT research and industrial security is crucial.
So each trend in the India Cyberthreat Matrix has a clear “owner” and a clear response path inside our Expertise Centres. That’s what turns a forecast into a living defence strategy.
“Perimeter thinking won’t survive 2026. You need intelligence-led defence.”
ETCISO: What does this mean for how Indian CISOs should shape their strategy for 2026?
Jaydeep Singh: The first mindset shift is to accept that perimeter-only thinking won’t survive 2026. You have to move to intelligence-led defence.
Practically, that starts with strengthening endpoints and servers against ransomware, including behaviour-based detection and rollback. That is why we even offer a free Anti-Ransomware Tool for Business – because we see ransomware as a systemic risk, not just one more malware family.
Second, there has to be a ruthless focus on hygiene and lateral-movement detection. Patching, eliminating known vulnerabilities, enforcing least privilege – these are not glamorous projects, but they decide whether an intrusion stays a small incident or becomes a business-stopping breach. Design your monitoring around unusual internal movement and data exfiltration to the internet. And keep offline, quickly accessible backups that attackers can’t encrypt or wipe.
Third, for most mid- to large-sized organisations, EDR/XDR plus Threat Intelligence is no longer optional. You need visibility into what is happening on your endpoints and in your network, correlated with what GReAT and our Threat Intelligence teams are seeing globally – new tools, TTPs, infrastructure. That combination is what allows your SOC to detect and respond to a RaaS affiliate or an APT foothold before it becomes front-page news.
For industrial and OT-heavy sectors – manufacturing, energy, transport, utilities – I would add a separate line item: OT visibility. You should find vulnerabilities, mitigate them and monitor what happens in OT alongside the IT events.
Finally, we recommend a platform approach. Our Kaspersky Next product line, for instance, is designed so that an organisation can start with the level of EDR/XDR that matches its current maturity and then move up as its processes and people evolve, without having to rebuild everything from scratch.
ETCISO: If you had to leave Indian security leaders with one takeaway from both the Expertise Centres and the 2026 forecast, what would it be?
Jaydeep Singh: I would say: shift your goal from “not getting breached” to building proactive cyber resilience. In a world of AI-accelerated threats, RaaS franchises and fragile supply chains, promising zero incidents is unrealistic. What you can promise is that your organisation will detect early, respond decisively, recover quickly and learn continuously.
The India Cyberthreat Matrix for 2026 tells you where the pressure will come from. The five Expertise Centres are our way of making sure we are ready for that pressure. Intelligence-led defence is how we help customers turn those insights into actual resilience on the ground.
If Indian enterprises make that mental switch now, 2026 will still be tough – but it will be a year of measured control, not constant panic.
Note: This article is a part of ETCISO’s Brand Connect Initiative.