As organizations race to harness the power of AI and digital transformation, Cybersecurity has become both a business imperative and a strategic differentiator. India’s rapid digital acceleration—fueled by cloud adoption, generative AI, and public digital infrastructure—has opened new frontiers of innovation but also amplified the complexity of managing risk across industries.
In this exclusive conversation with CISO Forum, Gautam Kapoor, Managing Director & Lead – Cybersecurity, Accenture in India, sheds light on how enterprises can navigate this evolving threat landscape. From AI-powered attacks and compliance challenges to secure-by-design frameworks and predictive defense models, Kapoor outlines the new rules of resilience in an era where trust and transformation must go hand in hand.
He explains why Cybersecurity is no longer a back-office control function but a growth enabler—one that can power secure innovation, safeguard AI adoption, and redefine digital confidence for the enterprise of the future.
MD & Lead – Cybersecurity
Accenture in India
CISO Forum: What challenges do organizations face in managing cyber risk across sectors with vastly different regulatory and operational profiles?
Gautam Kapoor: Organizations face mounting challenges in managing cyber risk as they scale AI-driven initiatives across diverse sectors. Many lack foundational security practices – 81% of organizations in India fall short of protecting critical data pipelines and cloud infrastructure, according to our latest research. Some of the contributing factors include the absence of AI security policies, weak implementation of security controls, limited monitoring, and a shortage of skilled professionals.
At the same time, organizations have to navigate diverse compliance requirements while maintaining a consistent security posture. The core challenge is unifying controls across legacy systems, modern cloud-native platforms, and diverse third-party environments. Without these safeguards, organizations remain vulnerable to data breaches, regulatory penalties, and advanced threats, including adversarial attacks, data poisoning, and model manipulation.
CISO Forum: What unique cyber risks are emerging in India’s fast-growing digital economy?
Gautam Kapoor: India’s digital economy is booming, propelled by the adoption of AI, cloud technologies, and robust digital public infrastructure. However, this rapid growth is exposing organizations to increasingly sophisticated cyber threats. AI-powered attacks are becoming quicker and more challenging to detect. According to our recent report, only 8% of Indian organizations are currently prepared to defend against these advanced threats. Foundational digital platforms face mounting attacks, making cyber resilience an urgent priority.
A significant challenge adding to the risk landscape is the lack of strong AI governance. According to the report, only 19% of companies in India have clear policies and training in place for the secure use of AI. Many organizations still rely on reactive cybersecurity models, which are ineffective in dealing with today’s dynamic threat landscape. As Indian enterprises build proprietary AI, securing these models against theft and manipulation is critical. Cyber resilience must be considered at the forefront of every digital initiative.
CISO Forum: How can Cybersecurity be embedded end-to-end across large-scale enterprise transformation programs, particularly in AI and gen AI-led initiatives?
Gautam Kapoor: Cybersecurity by design is essential for successful AI-driven enterprise transformations. Security must be integrated at every stage, from data ingestion and model training to deployment and governance, rather than added as an afterthought. Our research highlights that 81% of Indian companies remain vulnerable due to a lack of cohesive cybersecurity strategies and insufficient technical capabilities. As cyber threats become increasingly sophisticated, especially with the adoption of gen AI by bad actors, traditional defenses are often inadequate, making it imperative to adopt secure-by-design architectures, continuous threat modeling, and AI-specific risk controls to ensure resilience throughout innovation.
The rapid evolution of generative AI brings both new challenges and significant opportunities for enterprise security. Initiating threat modeling early in the design process enables organizations to identify and address vulnerabilities before development, allowing them to detect threats early and take proactive measures to mitigate risks. By building AI systems with robust security foundations and maintaining continuous monitoring and updates, enterprises can stay ahead of emerging threats. This proactive stance not only safeguards digital transformation initiatives but also enhances competitiveness and customer trust, positioning Cybersecurity as a key business enabler.
CISO Forum: How can Cybersecurity shift from compliance to becoming a driver of digital growth?
Gautam Kapoor: Cybersecurity is no longer about simply ticking boxes or meeting the bare minimum controls; it is a growth enabler. When embedded into a digital strategy, it builds trust, accelerates innovation, and opens new markets. In fact, it can act as a differentiator in transformation programs, helping organizations reduce pursuit cycles and enhance customer experience through secure innovation. The shift requires reframing security from a cost center to a value creator.
As organizations accelerate their AI transformation, they must rebalance cybersecurity investments to stay reinvention-ready through four critical actions:
• Develop and deploy a fit-for-purpose security governance framework and operating model that accounts for the realities of an AI-disrupted world, establishes clear accountability, and aligns AI security with regulatory and business objectives.
• Design a digital core to be generative AI secure from the onset by embedding security into AI development, deployment, and operational processes.
• Maintain resilient AI systems with secure foundations that proactively address emerging threats, enhance detection capabilities, enable AI-model testing, and improve response mechanisms.
• Reinvent Cybersecurity with gen AI by leveraging it to automate security processes, strengthen cyber defenses, and detect threats sooner.
By placing security at the core of their AI journey, organizations can safeguard their investments while driving sustainable growth.
CISO Forum: What immediate cyber priorities must enterprises act on in the next 12–18 months?
Gautam Kapoor: In the era of accelerating digital transformation and AI adoption, enterprises must make a decisive shift from reactive to predictive security models. This starts with redefining governance frameworks, as the traditional approach is no longer sufficient in an AI-driven world. Organizations require governance that is fit for purpose, enabling them to identify and address emerging risks, particularly those associated with generative AI, data pipelines, and cloud infrastructure. Security must be integrated from the start, rather than being considered at a later stage, to ensure that adequate controls are part of the digital core from ideation to execution.
Equally critical is developing and maintaining a resilient core. Enterprises must strengthen identity and access management for hybrid workforces, invest in AI-powered threat intelligence, and embed cyber resilience into boardroom agendas. As most organizations remain unprepared for AI-enabled threats, the future of Cybersecurity depends on generative AI enabling automated detection, response, and recovery to outpace adversaries and sustain business operations.
CISO Forum: How does Accenture help enterprises address current cybersecurity challenges while balancing risk, compliance, and operational efficiency?
Gautam Kapoor: Over the past two decades, Accenture has developed one of the most comprehensive and trusted portfolios of security services in the industry, enabling clients to navigate an increasingly complex threat landscape with confidence and scale.
What truly differentiates us is our end-to-end approach from strategy and architecture to implementation and managed services, all delivered through an industry-specific lens. This ensures solutions are tailored to each sector’s unique needs, accelerating maturity across cyber risk, compliance, and operational resilience.
Our expertise spans six key areas: cyber strategy, protection, resilience, industry-focused services, cyber-physical security, and emerging technologies, including quantum and space security. Through our Cybersecurity as a Service (CaaS) model, we provide flexible, modern, and automated defenses that offer clear visibility and control, empowering clients to strengthen their security posture while enhancing efficiency and driving growth.
