THE RESILIENCE PARADOX

When the Playbook Meets the Attacker It Wasn’t Written For 

India’s CISOs have made cyber resilience their top priority. But research shows that only 2% of organizations have actually built it. With 505 threats recorded every minute, and frontier AI now executing the kill chain faster than any human escalation process can respond, the governing question has changed. It is no longer “Are we secure?” It is: when something breaks through, can we keep running? 

The 2:47 AM call 

The call comes at 2:47 in the morning. 

The bank’s security operations center has flagged unusual activity across three internal systems in the core banking environment. Nothing dramatic — an amber alert, not red. The on-call analyst isn’t sure it’s serious. He escalates anyway. 

By the time the CISO joins the call, thirty minutes later, the situation is serious. 

Something is moving through the bank’s network. It isn’t breaking down doors. It is trying door handles: testing, probing, chaining together small weaknesses that individually mean nothing but together have now produced the keys to the entire kingdom, domain administrator access. The attacker is everywhere. 

The CISO opens the incident response playbook. It was written eighteen months ago, after a tabletop exercise the board called productive. It assumes that the attacker is human. It assumes the attacker works across many days. It gives the security team time to think, escalate, and decide. 

This attacker has been in the network for thirty-five minutes. The kill chain is nearly complete. 

By the time anyone reaches a containment decision — sixty-seven minutes after that first amber alert — 1.3 million customer records have been packaged and staged for exfiltration. The regulatory clock, which started the moment the incident was confirmed, is already running. CERT-In requires notification within six hours. Somewhere on a shared drive is a backup validation report produced for a quarterly audit. Nobody has checked whether the backups actually work. 

The CISO had a plan. It just wasn’t written for the attacker that showed up. 

This scenario is fictional. Everything behind it is not. 

That CISO is not alone. In 2025, India recorded 265.52 million malware detections — 505 per minute, year-round, according to Seqrite Labs, which monitors over 8 million endpoints across Indian enterprises. CERT-In handled 29.44 lakh incidents, issued 1,530 alerts, published 390 vulnerability notes, and ran 122 cybersecurity drills involving 1,570 organizations across banking, defense, power, telecom, and government. 

India’s internet users now number over 100 crore. In December alone, UPI processed 13.5 billion transactions. The digital economy is vast, fast-growing, and structurally interdependent, and it is under a sustained, automated, unrelenting attack. Seqrite’s own survey of 180-plus Indian organizations puts the national cybersecurity maturity score at 6.3 out of 10. Only one in three organizations continuously monitors its own attack surface. More than one in four has no incident response plan. 

This is not a story about a lack of spending or a lack of awareness. It is about a gap between the security architecture most Indian enterprises have built, and the threat that now exists on the other side of it. A gap that is no longer theoretical. 

The reckoning: What 2026 changed 

When the theoretical became documented 
 

For three years, the security industry operated on controlled anxiety. AI-enabled attacks were coming. Boards allocated an incremental budget and returned to the quarterly numbers. The language was consistently in the future tense. That grammar has been revised by force. 

What separates 2026 from the prior cycle of AI security commentary is not prediction but documentation. CERT-In’s threat landscape assessments now describe AI executing 70–90% of tactical attack work autonomously — reconnaissance, vulnerability mapping, payload adaptation, lateral movement — with human threat actors functioning less as operators and more as objective-setters. The machine does the craft. The human provides the intent. The GTG-1002 campaign, documented by Palo Alto Networks’ Unit 42, confirmed this architecture in the wild: AI adapting in real time to defensive responses, not following a pre-scripted attack chain but dynamically revising tactics based on what defenders were doing. 

In April 2026, CERT-In issued advisory CIAD-2026-0020, the first formal Indian regulatory assessment to explicitly classify frontier AI as a current threat requiring immediate redesign of controls. The significance of that framing is easy to understand. Indian CISOs have grown accustomed to advisories that describe threats at some comfortable remove from their own networks. CIAD-2026-0020 is blunt. Its classification of frontier AI as a present-day operational risk has collapsed the planning horizon that once separated “preparing for AI attacks” from “defending against AI attacks”. This is the document CISOs need when they sit across from a board that still treats AI-enabled threats as a future budgetary consideration. 

“The turning point came during a board discussion in early 2026, when we juxtaposed two realities: the increasing speed and automation of modern attacks and our own metrics showing that while controls were strong, decision-making and response still relied heavily on human latency. CERT-In’s April 2026 advisory validated what many CISOs were already seeing — adversaries operating at machine speed, executing adaptive, multi-stage intrusions with minimal friction. Our architectures were optimised for detect-and-respond cycles, while attackers had shifted to AI-driven sense-and-act models. From that moment, resilience stopped being about prevention alone and became about speed of containment, impact absorption, and trust recovery.” 

Dr. Jagannath Sahoo, Group CISO & DPO, Gujarat Fluorochemicals 

The cost collapse that ended the expertise barrier

There is a second dimension to this shift that deserves considerably more boardroom attention than it has received. The cost of executing a full simulated enterprise network attack using frontier AI tools has fallen to under $2 in API calls, confirmed by the UK AI Security Institute’s own testing, in which GPT-5.5 recovered a custom virtual machine instruction set architecture from stripped binaries, built a disassembler, and solved a cryptographic password-check algorithm in under eleven minutes at a cost of $1.73. Read that in the context of what it once required: the infrastructure, the expertise, the tradecraft that previously made sophisticated attacks the province of nation-state actors and well-resourced criminal organizations. That exclusivity is gone.

Structurally, this means the threat population has expanded beyond any prior model. Mid-tier actors, opportunistic ransomware groups, industrial espionage operations, politically motivated collectives, now have access to attack capability that, eighteen months ago, would have required either nation-state backing or years of accumulated expertise. Every risk model built on the assumption that sophisticated attacks require sophisticated, well-resourced adversaries needs to be rebuilt from the ground up.

India’s exposed surface

The timing of this capability shift could not be more consequential for India. The country’s digital transformation has created a uniquely large and uniquely exposed attack surface — one that grew faster than the security architecture surrounding it.

The sectors most heavily targeted — banking and financial services, power and energy, transport — are the sectors on which India’s broader economic architecture depends. CSIRT-Fin and CSIRT-Power exist precisely because failure in these domains is systemic, not institutional. India’s Digital Public Infrastructure — the interoperable stack of identity (Aadhaar), payment (UPI), data (DigiLocker), and health (ABHA) platforms — represents an elevated Tier 1 target class: a successful AI-assisted attack on any component would generate cascading impact across banking, government, healthcare, and retail simultaneously.

“India’s digital ecosystem is unique because of its sheer scale and interconnectedness. Resilience architecture cannot be designed only from the perspective of enterprise security — it must also account for ecosystem dependency. A disruption or compromise at one point can impact millions of users very quickly because everything is interconnected through APIs, digital identities, and real-time integrations. India’s rapid digital adoption also means a very large population is participating in digital services for the first time, increasing exposure to AI-generated scams and social engineering. Resilience here has to be built around trust at scale, secure digital identity, and coordinated response mechanisms across institutions. In many ways, India is operating one of the world’s largest live experiments in digital trust infrastructure.” 

Ashwini Pandey, General Manager Data Privacy, Punjab National Bank 

The architecture that broke

Accenture’s 2025 State of Cybersecurity Resilience research provides the global structural diagnosis. Surveying 2,286 security and technology executives across 24 industries and 17 countries, the research found that 90% of organizations lack the security maturity needed to counter today’s AI-enabled threats. Only 10% sit in what the research calls the Reinvention-Ready Zone.

The Verizon Data Breach Investigations Report 2026, analyzing over 22,000 confirmed breaches from November 2024 through October 2025, adds empirical weight. For the first time in nineteen years, vulnerability exploitation (31%) has overtaken credential abuse as the top initial access vector — a 55% year-over-year increase. Third-party involvement in breaches reached 48%. The median time to full vulnerability resolution increased to 43 days, even as only 26% of CISA Known Exploited Vulnerabilities were fully remediated. These are not trend lines on an existing chart. They are evidence that the architecture of prevention, however well-funded, is structurally insufficient.

Control framework analysis of ISO 27002:2022 against agentic attackers identifies five controls that now generate process activity and compliance evidence without providing adequate protection at the speed the threat requires. These controls require fundamental redesign, not supplementation. This is not a patching problem. It is an architectural problem of the kind that cannot be resolved by incremental investment.

The talent trap

India’s cybersecurity skills gap makes the architectural nature of this problem more acute. Globally, an estimated 4.8 million cybersecurity positions remain unfilled. The 2026 CISO Priorities Survey found that 44% of Indian CISOs named resilience as their top priority — but the same survey identified recovery readiness, identity lifecycle governance, and continuous control enforcement as among the weakest measured capabilities. The gap between stated priority and demonstrated capability is precisely where the risk lives.

“We had built our defences for a traditional attacker operating outside the network. Today, however, attackers are automated, embedded within identities and systems, and able to move rapidly across cloud environments, APIs, and partner ecosystems. Resilience now depends on how quickly teams can interpret weak signals and act without waiting for perfect information, and on how instinctively business, IT, legal, and communications functions align under pressure.” 

Sachin Patil, Head — IT Security, Voltas 

An organization cannot hire its way to safety. The answer must be architectural — and that architecture begins with a clear-eyed acknowledgment of where the current framework fails. 

Seven fault lines 
 
The gap between what Indian CISOs say they are doing and what their organizations can demonstrate under adversarial conditions is not a matter of dishonesty. It is a matter of measurement. Most security programs were built to be assessed against compliance checklists and point-in-time audits. Neither instrument was designed to detect the seven categories of structural weakness that now constitute the primary exposure surface for AI-class attacks. What follows is a diagnostic — not a report card, but a map of where the ground is giving way. 

“When money is tight, compliance gets paid first because it’s mandated. Prevention gets paid second because it stops immediate bleeding. Resilience is often left with crumbs. The shift happens when leadership reframes resilience as a business imperative rather than a security feature. When framed as protecting revenue continuity, customer trust, and operational uptime, budget conversations become significantly more effective. Mature enterprises move from a ‘protect-first’ mindset to a ‘withstand-and-recover’ model — balancing spend across prevention, compliance, and resilience to ensure continuity in the face of inevitable disruptions.” 

Kapil Madaan, CISO & DPO, Max Healthcare  

Fault Line 1 — The collapse of the exploit window 
 
Unit 42 documents threat actors scanning for new CVEs within fifteen minutes of NVD disclosure. Frontier AI compresses the subsequent phases, analysis, exploit development, target selection, from days to hours. The DBIR 2026 confirms the result: vulnerability exploitation has overtaken credential abuse as the top initial access vector for the first time in nineteen years. 

The control architecture built to manage this problem was not designed for this tempo. ISO 27002:2022 control A.8.8 (Management of Technical Vulnerabilities), assessed against AI-class attackers, is now classified as insufficient: it generates patch management process overhead without the speed differential needed to stay ahead of AI-assisted exploitation. The process continues; the protection does not. 

For Indian enterprises, this structural tension is amplified by sector-specific constraints. Legacy core banking systems carry interdependencies that make emergency patching dangerous. The RBI’s 99.9% uptime requirement for critical financial infrastructure creates a direct conflict with CERT-In’s mandate for critical patches within 24 hours for internet-facing systems. Most enterprise change management processes were architected for a monthly or quarterly rhythm. They cannot support 24-hour SLAs without structural redesign. 

What this requires is a separation of patch management into two distinct operating models: a standard track governed by existing change management, and an emergency track with board-endorsed authority to bypass standard approval gates for CISA KEV-listed CVEs, with WAF virtual patching deployed as an immediate compensating control pending full remediation. Virtual patching only covers traffic the WAF actually sees; internal services and non-HTTP exposure still need a host-side or segmentation control inside the same window. EPSS-based prioritization, which models the probability of exploitation in the wild rather than theoretical severity, is the triage layer that makes the emergency track manageable. Without it, every critical CVE receives the same treatment, which means nothing receives adequate treatment. 
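The two-track routing described above, as an added example that is not code from this report. KEV membership or an EPSS score above a policy threshold decides the track; CVSS is recorded but never decides. The KEV set, EPSS scores, CVE identifiers and SLA values are constructed placeholders, not real advisories; a real run would load CISA's KEV catalog and FIRST's EPSS feed.

```python
"""Two-track patch triage driven by KEV membership and EPSS, not CVSS alone.

Added example, not code from the article. KEV_CATALOG and EPSS_SCORES are
constructed stand-ins for CISA's KEV catalog and FIRST's EPSS feed; the CVE
identifiers are placeholders, not real advisories.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed data (placeholders, not real advisories).
KEV_CATALOG = {"CVE-2025-0001", "CVE-2025-0004"}
EPSS_SCORES = {                      # probability of exploitation in the next 30 days
    "CVE-2025-0001": 0.92,
    "CVE-2025-0002": 0.71,
    "CVE-2025-0003": 0.02,
    "CVE-2025-0004": 0.10,
    "CVE-2025-0005": 0.005,
}

# Policy assumptions; the 6-hour control window matches the leading indicator.
EPSS_EMERGENCY_THRESHOLD = 0.50
COMPENSATING_CONTROL_SLA = timedelta(hours=6)
EMERGENCY_PATCH_SLA = timedelta(hours=24)
STANDARD_PATCH_SLA = timedelta(days=30)


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float
    internet_facing: bool
    asset: str


@dataclass(frozen=True)
class Decision:
    cve: str
    asset: str
    track: str                          # "emergency" or "standard"
    reason: str
    compensating_control: Optional[str]
    control_deadline: Optional[datetime]
    patch_deadline: datetime


def triage(finding: Finding, now: datetime,
           kev: set = KEV_CATALOG, epss: dict = EPSS_SCORES) -> Decision:
    """Route one finding. KEV membership or EPSS above threshold is the trigger;
    CVSS is recorded in the reason but never decides the track."""
    score = epss.get(finding.cve, 0.0)
    in_kev = finding.cve in kev
    if in_kev or score >= EPSS_EMERGENCY_THRESHOLD:
        reason = "KEV-listed" if in_kev else f"EPSS {score:.2f} >= {EPSS_EMERGENCY_THRESHOLD}"
        # A WAF only sees HTTP paths it fronts; internal assets need a host-side control.
        control = "WAF virtual patch" if finding.internet_facing else "host isolation / segmentation rule"
        return Decision(finding.cve, finding.asset, "emergency", reason, control,
                        now + COMPENSATING_CONTROL_SLA, now + EMERGENCY_PATCH_SLA)
    return Decision(finding.cve, finding.asset, "standard",
                    f"EPSS {score:.3f}, not in KEV (CVSS {finding.cvss})",
                    None, None, now + STANDARD_PATCH_SLA)


def triage_all(findings, now):
    """Emergency track first, then by exploitation probability, so the queue is
    ordered by likelihood of being hit rather than by theoretical severity."""
    decisions = [triage(f, now) for f in findings]
    return sorted(decisions, key=lambda d: (d.track != "emergency",
                                            -EPSS_SCORES.get(d.cve, 0.0)))


def kev_control_coverage(decisions, deployed: dict) -> float:
    """Leading indicator: share of KEV-listed CVEs whose compensating control
    went live (deployed[cve] = timestamp) inside the 6-hour window."""
    kev = [d for d in decisions if d.reason == "KEV-listed"]
    if not kev:
        return 1.0
    on_time = sum(1 for d in kev if d.cve in deployed and deployed[d.cve] <= d.control_deadline)
    return on_time / len(kev)


if __name__ == "__main__":
    t0 = datetime(2026, 4, 20, 9, 0, tzinfo=timezone.utc)
    sample = [
        Finding("CVE-2025-0001", 9.8, True, "web-gw-01"),
        Finding("CVE-2025-0002", 7.5, True, "api-03"),
        Finding("CVE-2025-0003", 9.1, False, "core-db-01"),
        Finding("CVE-2025-0004", 5.3, False, "ad-connector"),   # KEV despite CVSS 5.3
        Finding("CVE-2025-0005", 9.8, False, "batch-07"),       # CVSS 9.8 but EPSS 0.005
    ]
    for d in triage_all(sample, t0):
        print(f"{d.cve} {d.asset:14} {d.track:9} {d.reason}")
```

The two findings worth watching in the sample are CVE-2025-0004 (CVSS 5.3, but KEV-listed, so emergency) and CVE-2025-0005 (CVSS 9.8, but EPSS 0.005 and not in KEV, so standard); a severity-only queue would invert both.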

Lagging: Mean Time to Containment 

Leading: % of KEV-listed CVEs with compensating control deployed within 6 hours 

Fault Line 2 — AI-Powered social engineering at scale 
 
Generative AI now produces phishing content in Hindi, Tamil, Telugu, Bengali, Marathi, and Gujarati at a quality level that defeats English-language detection heuristics entirely. The DBIR 2026 documents pretext via voice calls achieving 40% higher success rates than email phishing. Mobile-centric phishing shows median click rates roughly 40% higher than email. Voice phishing has demonstrated particularly steep growth. The deepfake dimension compounds this: AI-generated audio and video enable credible real-time impersonation of senior executives, board members, and finance approvers. 

IBM’s 2025 Cost of a Data Breach Report documents how generative AI reduced the time needed to craft a convincing phishing email from 16 hours to 5 minutes. The Hong Kong deepfake fraud of 2024, in which a finance executive was deceived into transferring USD 25 million via a fabricated video call, serves as the reference scenario for Indian fintech, BPO, and global captive operations with distributed financial approval chains. 

Web filtering generates process and reporting activity but provides insufficient protection against content that lacks a filterable signature. The redesign requires DNS security, Remote Browser Isolation, FIDO2 MFA as a hard cryptographic barrier, and, critically for India, multi-channel controls covering voice, SMS, and real-time chat, not email alone. FIDO2 makes phishing credential theft structurally impossible rather than probabilistically less likely: the authenticator signs a challenge bound to the relying party’s origin, so a credential presented to a look-alike domain produces nothing usable on the real one. It does not protect the session token issued after authentication, which still needs short lifetimes and device binding. The regional language attack surface makes India uniquely exposed in ways that global security tool vendors have been slow to address; it deserves explicit inclusion in vendor evaluation criteria. 
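Why the FIDO2 barrier is structural rather than probabilistic, shown from the relying party's side as an added example that is not code from this report. The server checks that the origin the browser stamped into clientDataJSON and the rpIdHash the authenticator produced match its own values; a look-alike domain fails both. `bank.example` is an assumed relying party and `make_assertion()` stands in for the browser and authenticator so the exchange runs offline; the final public-key signature check over authenticatorData || SHA-256(clientDataJSON) is left to a WebAuthn library, and the block returns those signed bytes for it.

```python
"""Relying-party verification of a FIDO2/WebAuthn assertion: the origin and
rpIdHash checks are what make a phished credential useless on the real site.

Added example, not code from the article. bank.example is an assumed relying
party; make_assertion() simulates the browser and authenticator. Signature
verification over the returned bytes is left to a WebAuthn library.
"""
import base64
import hashlib
import json
import secrets

RP_ID = "bank.example"              # assumed relying-party identifier
RP_ORIGIN = "https://bank.example"  # the only origin the server will accept
FLAG_USER_PRESENT = 0x01


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_assertion(page_origin: str, rp_id: str, challenge: bytes) -> dict:
    """Stand-in for browser + authenticator. The browser, not the page script,
    writes the real origin into clientDataJSON, and the authenticator hashes
    the rpId it was invoked with; a phishing page controls neither value."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    auth_data = (hashlib.sha256(rp_id.encode()).digest()   # rpIdHash, 32 bytes
                 + bytes([FLAG_USER_PRESENT])               # flags byte
                 + (0).to_bytes(4, "big"))                  # signature counter
    return {"clientDataJSON": b64url(client_data),
            "authenticatorData": b64url(auth_data)}


def verify_assertion(assertion: dict, expected_challenge: bytes):
    """Return (ok, detail). On success, detail is the base64url of the bytes
    the authenticator's signature must cover."""
    cdj = unb64url(assertion["clientDataJSON"])
    cd = json.loads(cdj)
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if unb64url(cd.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch (replay or wrong session)"
    if cd.get("origin") != RP_ORIGIN:
        return False, f"origin {cd.get('origin')!r} is not {RP_ORIGIN!r}"
    auth_data = unb64url(assertion["authenticatorData"])
    if len(auth_data) < 37:
        return False, "authenticatorData too short"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash does not match this relying party"
    if not auth_data[32] & FLAG_USER_PRESENT:
        return False, "user presence not asserted"
    return True, b64url(auth_data + hashlib.sha256(cdj).digest())


if __name__ == "__main__":
    challenge = secrets.token_bytes(32)   # server issues a fresh challenge per login
    print(verify_assertion(make_assertion(RP_ORIGIN, RP_ID, challenge), challenge))
    # Look-alike domain: the browser stamps the phishing origin into clientDataJSON.
    print(verify_assertion(make_assertion("https://bank-example.com", RP_ID, challenge), challenge))
```

Contrast this with a one-time code, which the user can type into any page: nothing in the code says which origin it was meant for, so the relying party has no equivalent check to make.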

Lagging: Social engineering incidents as % of total incidents 

Leading: % of workforce covered by multi-channel phishing simulation (voice, SMS, email) 

Fault Line 3 — Autonomous vulnerability discovery and chaining 
 
The most technically significant shift in recent threat intelligence is the move from AI-assisted to AI-autonomous vulnerability discovery. Frontier AI models can analyze a full enterprise exposure surface, identify logical vulnerabilities that traditional scanning tools miss, and chain multiple low-severity findings into critical attack paths invisible to signature-based detection. Each step looks normal. Only the sequence is malicious — and sequence analysis requires behavioral baselines that most Indian enterprises have not yet established. 
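The sequence-is-the-signal problem above, as an added example that is not code from this report: a per-principal state machine that fires only when reconnaissance, credential access and lateral movement occur in order within a window, while each event on its own stays below any single-event threshold. The log lines, host and user names are constructed, and the stage mapping and 30-minute window are policy assumptions.

```python
"""Sequence detection over individually benign events: no single line below
crosses an alert threshold, the per-principal ordering does.

Added example, not code from the article. The log lines are constructed
(hosts, users and timestamps are placeholders); the stage mapping and the
30-minute window are policy assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events: "timestamp principal source_host event_type detail".
SAMPLE_LOG = """\
2026-04-12T02:10:03Z svc-backup host-17 ldap_query objectClass=*
2026-04-12T02:11:40Z svc-backup host-17 smb_share_enum share=fs01/IPC$
2026-04-12T02:14:22Z svc-backup host-17 kerberos_tgs_req spn=MSSQLSvc/db02
2026-04-12T02:20:05Z svc-backup db02 logon_type10 via=host-17
2026-04-12T02:31:17Z svc-backup dc01 logon_type10 via=db02
2026-04-12T02:12:00Z a.sharma ws-204 ldap_query objectClass=user
2026-04-12T09:02:11Z a.sharma ws-204 kerberos_tgs_req spn=HTTP/intranet
2026-04-12T09:05:40Z a.sharma app-09 logon_type10 via=ws-204
"""

STAGE_OF = {"ldap_query": "recon", "smb_share_enum": "recon",
            "kerberos_tgs_req": "credential_access", "logon_type10": "lateral_movement"}
CHAIN = ("recon", "credential_access", "lateral_movement")
WINDOW = timedelta(minutes=30)


def parse_line(line: str):
    ts, principal, host, etype, detail = line.split(" ", 4)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), principal, host, etype, detail


def detect_chains(log_text: str, chain=CHAIN, window=WINDOW):
    """Walk each principal's events in time order as a small state machine:
    a stage counts only if it is the next stage in the chain and falls within
    `window` of the chain's first event. Returns one alert per completed chain."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    by_principal = defaultdict(list)
    for ev in events:
        by_principal[ev[1]].append(ev)

    alerts = []
    for principal, evs in by_principal.items():
        idx, start, trail = 0, None, []
        for ts, _, host, etype, _detail in evs:
            stage = STAGE_OF.get(etype)
            if stage is None:
                continue
            if start is not None and ts - start > window:
                idx, start, trail = 0, None, []       # window expired: start over
            if stage != chain[idx]:
                continue                              # repeat of an earlier stage, or out of order
            if start is None:
                start = ts
            trail.append((ts.isoformat(), host, etype))
            idx += 1
            if idx == len(chain):
                alerts.append({"principal": principal,
                               "span_minutes": round((ts - start).total_seconds() / 60, 1),
                               "trail": trail})
                idx, start, trail = 0, None, []
    return alerts


if __name__ == "__main__":
    for a in detect_chains(SAMPLE_LOG):
        print(a["principal"], f"{a['span_minutes']} min", [t[1] + ":" + t[2] for t in a["trail"]])
```

The human account `a.sharma` touches the same three stages but hours apart, which is what a normal workday looks like; the service account completes the chain in ten minutes from a single host, which is what the fictional 2:47 AM incident looks like in telemetry. The baseline question the text raises is exactly the choice of `WINDOW` and of which events map to which stage, and both need tuning per environment.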

India’s significant open-source adoption creates a specific dimension of this problem. AI can analyze public OSS codebases, identify dependency vulnerabilities beyond the current capabilities of most internal security teams, and generate working exploits targeting the specific versions in use. Project Glasswing — Anthropic’s collaborative effort with approximately 50 organizations that build or maintain critical software infrastructure, using its Mythos Preview model — found over 10,000 high- or critical-severity vulnerabilities in a single month across systemically important software, at a 90.6% true positive rate. The same capability deployed offensively does not need Anthropic’s governance guardrails. 

Cisco’s 2025 Cybersecurity Readiness Index India data makes the scale of this challenge concrete: Network Resilience readiness in India is not just stagnant — it is declining, with a notable shift from Progressive to Formative maturity as organizations struggle with the technical and financial demands of upgrading legacy network defenses. Only 9% of Indian companies have reached mature status in Network Resilience, the pillar most directly relevant to containing lateral movement. 

For Indian IT services firms, this fault line carries a third-order consequence that demands explicit recognition. A compromise in a services firm’s environment does not stay there — it cascades into hundreds of client environments globally. The supply chain security posture of a major Indian IT services firm is, at this point, properly understood as a national security consideration, not merely a commercial one. 

Lagging: Network-based exploit incidents as % of total incidents 

Leading: % of critical apps covered by vulnerability harness with adversarial validation 

Fault Line 4 — Identity as the resilience fault line 
 
Identity-related factors appear in 89% of breach investigations globally. The non-human identity problem is acute and largely unacknowledged. AI coding agents, RPA bots, cloud service accounts, and API tokens proliferate in Indian enterprise environments without the governance applied to human identities. These accounts often carry elevated privileges provisioned for a specific project and never deprovisioned, with credentials that are never rotated. They represent exactly the target profile AI-class attackers are optimized to discover and exploit: high privilege, low monitoring, long persistence. IBM’s 2025 research explicitly identifies non-human identity governance as one of the most consequential gaps in enterprise security architecture, noting that attackers are increasingly logging in rather than hacking in. 

The Cisco India data quantifies the governance gap: just 10% of Indian companies have reached mature status in Identity Intelligence. More than half remain in the Formative stage. The DBIR 2026 reinforces this: 37% of organizations had admin accounts with MFA disabled on IaaS offerings. In large Indian enterprises with thousands of service accounts and significant shadow IT, the inventory itself represents months of remediation work before any review cycle can begin. 

The DPDP Act transforms this from a technical risk into a board accountability issue. Identity failures that result in personal data exposure carry direct regulatory liability for Data Fiduciaries. The path from an unmanaged service token to a significant enforcement action is shorter than most boards understand. 

▸ Lagging: Access-related incidents as % of total incidents 

▸ Leading: % of privileged accounts (human and non-human) covered by phishing-resistant MFA 

Fault Line 5 — The SOC speed gap 

When AI-assisted attacks execute in minutes, a SOC that escalates in hours has already lost. IBM’s 2025 data show that organizations using security AI and automation extensively contained breaches an average of 80 days faster and at USD 1.9 million lower cost than those that did not. The performance gap between AI-native and legacy SOC operations is now financially material in terms boards understand: organizations without extensive AI deployment face average breach costs of USD 5.52 million, versus USD 3.62 million for those with mature deployment. 

Human-speed triage at Tier-1 cannot intercept AI-assisted kill chains. SOAR automation targeting Mean Time to Containment under 10 minutes is the design target — not an aspirational benchmark but the minimum viable performance standard for the current threat environment. India’s talent shortage makes this architectural rather than optional: the Cisco 2025 India data show 86% of respondents cite cybersecurity talent shortage as a barrier to solution deployment.  

You cannot hire your way out of a structural speed deficit. The SOC must be redesigned around automation, with human analysts preserved for judgment tasks: context, consequences, escalation, and calls that cannot be automated because they involve accountability. 

For mid-market Indian enterprises, MSSPs with CERT-In empanelment provide a viable path to AI-native SOC capability. But the contractual SLA conversation must change: Mean Time to Containment, not time-to-acknowledge windows, is the performance standard that now matters. 

Lagging: Mean Time to Containment 

Leading: % of critical alerts auto contained within 10 minutes 

Fault Line 6 — Shadow AI and the ungoverned attack surface 

IBM’s 2025 Cost of a Data Breach Report is unambiguous: 20% of breached organizations suffered incidents involving shadow AI, adding USD 670,000 to average breach costs. Shadow AI breaches led to customer PII compromise at a higher rate (65%) than the overall breach average (53%), and to intellectual property compromise at 40%. 

The DBIR 2026 confirms that Shadow AI is now the third most common non-malicious insider action, with 45% of employees now regular AI users, up from 15%, a threefold increase in a single year. Cisco’s data shows 60% of respondents cannot see prompts made by employees using generative AI tools, and a quarter of organizations provide employees with unrestricted access to publicly available AI tools with no security intermediation. This is not a theoretical attack surface. It is an active one, documented in the breach dataset. 

The DPDP Act dimension deserves explicit board attention. Data entered into unsanctioned AI tools may fall outside an organization’s data processing agreements, consent frameworks, and breach notification obligations. A shadow AI incident that exposes customer personal data is not only a security failure; it is a potential DPDP violation with regulatory consequences. 

The governance answer is not prohibition, which consistently fails and drives adoption further underground. It is a fast-track AI tool review process with a five-business-day SLA from submission to approval decision, making the secure path competitive with the shadow path on the dimension that drives shadow adoption: speed and convenience. 

▸ Lagging: AI-related data exposure events 

▸ Leading: % of AI deployments under formal risk assessment and workload identity 

Fault Line 7 — Supply chain and the agentic supply chain 
 
Supply chain compromise now affects 48% of breaches, according to DBIR 2026 — a 60% year-over-year increase in third-party involvement. These breaches take the longest to detect and contain: a median of 267 days, driven by the trust relationships that make them structurally hard to identify. For India specifically, AI can analyze public open-source dependency trees, identify unpatched vulnerabilities in specific versions, and generate working exploits targeting those versions at scale. 

The emerging agentic supply chain adds a dimension that most vendor security assessment processes are not designed to evaluate. MCP servers, AI plugins, third-party AI orchestration layers, and AI agent frameworks are being integrated into enterprise workflows without the vendor security assessment applied to traditional software suppliers. IBM’s research identifies supply chain compromise through apps, APIs, and plug-ins as the most common cause of AI security incidents, at 30%. The attack vector is the integration layer — and it is expanding faster than the governance around it. 

For Indian IT services firms, client-facing Software Bill of Materials attestation is already required in RFP requirements from European and North American enterprise clients. The transition from differentiator to contract standard will be completed within 18 to 24 months for any firm operating in regulated global supply chains. 

The fundamental reframe required is one of liability assignment. Supply chain security is not a vendor management process; it is a risk-inheritance calculation. Every third-party relationship is a conditional transfer of that vendor’s security posture into your own threat surface. 

▸ Lagging: Supply chain-attributed incidents as % of total 

▸ Leading: % of critical software artifacts covered by SBOM 

The fault lines indicate what is broken. The architecture that follows shows what replaces it. 

Building the resilience architecture 

From diagnosis to design 

Every minute, India’s enterprise endpoints record 505 threat detections. The architecture must match that rhythm. What follows is a six-part architecture mapped to measurable outcomes. Each action area pairs a lagging indicator with a leading indicator. The board conversation requires both. 

“Although resilience is crucial in security strategies, budget allocation often favors compliance and preventive controls due to regulatory demands. Resilience initiatives like incident response and disaster recovery may receive less funding unless their business value is clearly demonstrated. The key is to position resilience as essential to operational continuity, not just supplementary expense.” 

Kavitha Srinivasulu, Head of Information Security, TCS 

Action Area 1 — Redesign the controls that can’t keep up 
 
Five ISO 27002:2022 controls — A.5.25, A.5.36, A.8.8, A.8.23, and A.5.15 — were fit for purpose in 2018–2020 but are now insufficient against agentic attackers. They generate process activity and compliance evidence. What they no longer provide is adequate protection at the speed the threat requires. The redesign logic is replacement, not supplementation: SOAR Tier-1 automation for A.5.25; continuous policy-as-code monitoring for A.5.36; EPSS-based prioritization and automated deployment pipelines with compensating controls for A.8.8; FIDO2 and DNS security for A.8.23; and just-in-time access with automated deprovisioning for A.5.15. 

India’s telemetry makes the urgency concrete. Network-based exploits accounted for over 9.2 million scans across Seqrite’s monitored estate. Top zero-days in 2025 — Oracle EBS, SAP NetWeaver, and multiple Windows Core flaws — were weaponized within days of disclosure. Seqrite’s survey found 7.2% of organizations have no patch management process at all. Only 28% of organizations embed security controls into transformation initiatives from the outset, according to Accenture. This action area must be the exception: embedded from day one of any system or process change. 

Lagging: Mean Time to Containment 

Leading: % of critical alerts auto contained within 10 minutes 

Action Area 2 — Govern identity at machine speed 
 
Three components define the required identity architecture. Most Indian enterprises have not fully addressed any of them. 

First, FIDO2 and passkey deployment targeting 95% coverage of all privileged accounts. Behavioral analytics detects anomalies after access has been achieved; FIDO2 prevents illegitimate access from occurring. The distinction is architectural, not incremental. 

Second, a complete non-human identity inventory. Every AI coding agent, RPA bot, API token, and service account with production access must be cataloged, assigned a workload identity, and governed under least-privilege policy with documented rotation and deprovisioning schedules. IBM’s 2025 research identifies NHI governance as the most consequential gap in enterprise identity architecture. In high-churn cloud environments, 90 days is long enough for a dormant compromised credential to complete a full attack cycle without triggering review. 
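The inventory review described above, run as code, as an added example that is not from this report. Given an exported inventory it flags four conditions: credentials past rotation age, privileged identities that have gone dormant, identities provisioned for a project that has already ended, and identities with no accountable owner. The inventory, the 90-day rotation limit, the 30-day dormancy limit and the definition of "privileged" (any grant containing admin, write or secrets) are constructed assumptions.

```python
"""Audit of a non-human identity inventory: stale credentials, dormant
privileged identities, ended projects that were never deprovisioned, and
identities with no accountable owner.

Added example, not code from the article. The inventory and the thresholds
are constructed assumptions.
"""
from datetime import date, timedelta

AS_OF = date(2026, 4, 15)            # fixed clock so the results are reproducible
MAX_CREDENTIAL_AGE = timedelta(days=90)
DORMANCY_LIMIT = timedelta(days=30)
PRIVILEGED_MARKERS = ("admin", "write", "secrets")   # assumption: what counts as privileged

# Constructed inventory, shaped like an IAM/secrets-manager export.
INVENTORY = [
    {"id": "rpa-payroll-bot", "kind": "rpa", "owner": "finance-ops",
     "grants": ["prod:db:write"], "last_rotated": "2025-10-01",
     "last_used": "2026-04-14", "project_end": None},
    {"id": "ci-deploy-token", "kind": "api_token", "owner": "platform",
     "grants": ["prod:k8s:admin"], "last_rotated": "2026-03-01",
     "last_used": "2026-02-01", "project_end": None},
    {"id": "ai-coding-agent-7", "kind": "ai_agent", "owner": None,
     "grants": ["repo:write", "prod:secrets:read"], "last_rotated": "2026-04-01",
     "last_used": "2026-04-13", "project_end": None},
    {"id": "migration-svc", "kind": "service_account", "owner": "data-eng",
     "grants": ["prod:storage:read"], "last_rotated": "2025-11-01",
     "last_used": "2026-01-02", "project_end": "2025-12-31"},
    {"id": "monitoring-reader", "kind": "service_account", "owner": "sre",
     "grants": ["prod:metrics:read"], "last_rotated": "2026-02-01",
     "last_used": "2026-04-14", "project_end": None},
]


def is_privileged(identity: dict) -> bool:
    return any(marker in grant for grant in identity["grants"] for marker in PRIVILEGED_MARKERS)


def audit(inventory, as_of: date = AS_OF):
    """Return findings as (identity id, issue, severity, action)."""
    findings = []
    for nhi in inventory:
        priv = is_privileged(nhi)
        rotated = date.fromisoformat(nhi["last_rotated"])
        used = date.fromisoformat(nhi["last_used"])
        if as_of - rotated > MAX_CREDENTIAL_AGE:
            findings.append((nhi["id"], "credential_past_rotation_age",
                             "high" if priv else "medium", "rotate now"))
        if priv and as_of - used > DORMANCY_LIMIT:
            # High privilege, no recent use, no one looking: the target profile.
            findings.append((nhi["id"], "privileged_and_dormant", "critical", "disable pending review"))
        if nhi["project_end"] and date.fromisoformat(nhi["project_end"]) < as_of:
            findings.append((nhi["id"], "project_ended_not_deprovisioned", "high", "deprovision"))
        if not nhi["owner"]:
            findings.append((nhi["id"], "no_accountable_owner",
                             "high" if priv else "medium", "assign owner"))
    return findings


def coverage_summary(inventory, findings):
    """Numbers for the leading indicator: how much of the estate is clean."""
    flagged = {f[0] for f in findings}
    return {"total": len(inventory),
            "privileged": sum(map(is_privileged, inventory)),
            "clean": len(inventory) - len(flagged),
            "critical": sum(f[2] == "critical" for f in findings)}


if __name__ == "__main__":
    results = audit(INVENTORY)
    for ident, issue, severity, action in results:
        print(f"{severity:8} {ident:20} {issue:32} -> {action}")
    print(coverage_summary(INVENTORY, results))
```

The only critical finding is the CI token: rotated recently enough to pass a rotation-only check, yet cluster-admin and unused for ten weeks, which is the combination an attacker who has already obtained it would prefer.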

Third, the implementation of the Four Pillars of Agentic Defense: enforcing least agency (limiting agent autonomy to specific tasks); deploying Intent Gates and Kill Switches requiring human approval for high-impact actions; transitioning to distinct per-agent credentials replacing inherited user tokens; and implementing untrusted input sanitization with dual-LLM verification architecture for agents processing external data. 
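An intent gate that enforces three of the four pillars above (least agency, human approval for high-impact actions, per-agent credentials) and holds actions whose parameters came from untrusted content, as an added example that is not code from this report. Agent names, action names, tokens and the impact table are constructed; in production the token table would be a secrets manager and the pending queue a ticketing or SOAR system.

```python
"""Intent gate for agent actions: per-agent credentials, a least-agency
allowlist, a hold-for-approval queue for high-impact actions, and a kill
switch that revokes an agent outright.

Added example, not code from the article. Agent names, action names, tokens
and the impact table are constructed.
"""
import hmac
from dataclasses import dataclass, field
from itertools import count

LOW, HIGH = "low", "high"
ACTION_IMPACT = {"read_ticket": LOW, "search_kb": LOW, "quarantine_email": LOW,
                 "isolate_host": HIGH, "reset_password": HIGH, "transfer_funds": HIGH}

# Least agency: each agent gets only the actions its task needs.
AGENT_ALLOWLIST = {
    "triage-agent": {"read_ticket", "search_kb", "quarantine_email", "isolate_host"},
    "helpdesk-agent": {"read_ticket", "reset_password"},
}
# Per-agent credentials (constructed), never an inherited human user token.
AGENT_TOKENS = {"triage-agent": "tok-triage-7f3a", "helpdesk-agent": "tok-help-91c0"}


@dataclass
class Gate:
    tokens: dict = field(default_factory=lambda: dict(AGENT_TOKENS))
    pending: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)
    _ids: "count" = field(default_factory=count)

    def _log(self, **entry):
        self.audit.append(entry)
        return entry

    def request(self, agent_id, token, action, target, from_untrusted_input=False):
        """Returns the audit entry; its status is executed, pending or denied."""
        expected = self.tokens.get(agent_id)
        if expected is None or not hmac.compare_digest(expected, token):
            return self._log(agent=agent_id, action=action, target=target,
                             status="denied", reason="unknown agent or bad credential")
        if action not in AGENT_ALLOWLIST.get(agent_id, set()):
            return self._log(agent=agent_id, action=action, target=target,
                             status="denied", reason="outside least-agency allowlist")
        # High-impact actions, and any action whose target was lifted from untrusted
        # content (mail body, web page, tool output), wait for a human.
        if ACTION_IMPACT[action] == HIGH or from_untrusted_input:
            ticket = next(self._ids)
            self.pending[ticket] = (agent_id, action, target)
            return self._log(agent=agent_id, action=action, target=target, status="pending",
                             ticket=ticket, reason="intent gate: human approval required")
        return self._log(agent=agent_id, action=action, target=target, status="executed")

    def approve(self, ticket, approver):
        agent_id, action, target = self.pending.pop(ticket)
        return self._log(agent=agent_id, action=action, target=target,
                         status="executed", approved_by=approver, ticket=ticket)

    def kill_switch(self, agent_id):
        """Revoke the agent's credential and drop anything it has queued."""
        self.tokens.pop(agent_id, None)
        dropped = [t for t, (a, _, _) in self.pending.items() if a == agent_id]
        for t in dropped:
            del self.pending[t]
        return self._log(agent=agent_id, status="revoked", dropped_tickets=len(dropped))


if __name__ == "__main__":
    gate = Gate()
    print(gate.request("triage-agent", AGENT_TOKENS["triage-agent"], "read_ticket", "INC-1001"))
    held = gate.request("triage-agent", AGENT_TOKENS["triage-agent"], "isolate_host", "host-17")
    print(held)
    print(gate.approve(held["ticket"], "soc-lead"))
    print(gate.request("helpdesk-agent", AGENT_TOKENS["helpdesk-agent"], "isolate_host", "host-17"))
    print(gate.kill_switch("triage-agent"))
```

Because every entry in `gate.audit` carries the agent's own identity, the trail answers "which agent did this, under whose approval" directly; with inherited user tokens that question has no answer.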

Lagging: Access-related incidents as % of total incidents 

Leading: % of privileged accounts (human and non-human) covered by phishing-resistant MFA 

Action Area 3 — Build resilience muscle through AI-speed simulation 

CERT-In conducted 122 drills covering approximately 1,570 organizations in 2025. The number of Indian enterprises outside any structured exercise program is orders of magnitude larger. Seqrite’s survey found incident response scored 3.62 out of 10 — the lowest of all evaluated dimensions, with 36.5% of organizations holding defined IR processes they have never tested. Accenture’s research found that Reinvention-Ready Zone organizations are nearly six times more likely to conduct red-team simulations and real-world attack testing than those in the Exposed Zone. 

Quarterly cross-functional tabletop exercises must simulate the specific scenarios documented in current Indian threat intelligence: AI-generated multilingual phishing, autonomous vulnerability chaining, and executive deepfake fraud targeting financial approval chains. The GTG-1002 campaign and India-targeted multi-vector operations combining APT activity with hacktivist campaigns against defense and government systems provide the reference scenarios for multi-vector design. 

Two rehearsal requirements warrant a board-level mandate. First, the CERT-In six-hour incident notification rehearsal: every exercise must include a live run of the regulatory notification process, covering the draft notification, the escalation chain, and the regulator contact sequence. The first time a team drafts a CERT-In notification should not be during an actual incident. Second, full backup restore testing, not backup verification: restore into an isolated environment, bring the application up, and check the data against a known manifest, because a validation report proves the job ran, not that the data comes back. IBM’s research shows that 76% of breaches take longer than 100 days to resolve; much of that recovery time reflects organizations discovering that their recovery assumptions were never tested. 

Tabletop exercises must include Legal, Communications, Finance, and HR leadership — not just security. The CISO cannot manage a machine-speed incident with a security-only war room when the consequential decisions — customer notification, regulatory disclosure, media response, business continuity activation — are owned by functions that have not rehearsed their roles. 

Lagging: Mean time to CERT-In notification from detection 

Leading: % of tabletops completed with cross-functional leadership participation 

Action Area 4 — Map and manage the agentic supply chain 

Supply chain compromise takes an average of 267 days to detect and contain and is the most common cause of AI security incidents at 30%. SBOM implementation for all critical internally developed software, targeting 95% own-artifact coverage within twelve months, provides the inventory baseline without which supply chain risk cannot be meaningfully managed. MCP servers, AI plugins, and third-party AI orchestration layers require vendor security assessments of the same rigor applied to traditional software suppliers. Every third-party AI integration with production data access is a supply chain risk with a documented breach cost profile. 

Cloud Reinforcement readiness in India sits at just 7% Mature, according to Cisco’s 2025 data, with 53% of Indian companies still in the Formative stage — meaning the cloud infrastructure through which many third-party integrations flow is itself inadequately secured. The vendor resilience tiering required here is not a vendor management process; it is a risk-inheritance calculation. Tier 1 vendors with critical infrastructure access should face annual AI-red-team exercises; Tier 2 vendors should provide quarterly security attestations; all vendors should be required to notify within four hours of a security incident. 

Lagging: Supply chain-attributed incidents as % of total 

Leading: % of critical software artifacts covered by SBOM 

Action Area 5 — Establish AI-agent governance before the surface becomes unmanageable 
 
IBM’s 2025 data show shadow AI added USD 670,000 to average breach costs. The DBIR 2026 confirms Shadow AI is now the third most common non-malicious insider action. Sixty percent of Indian IT teams cannot see prompts made by employees using generative AI tools. Governance without visibility is nominal. 

The governance architecture requires four components: an approved tool registry with a five-business-day security review SLA for new AI tools; data classification policies governing which data categories can enter which tool classes; CASB or Secure Web Gateway deployment to make AI tool traffic visible to security teams; and workload identity assignment for all AI agents with production data access. The Langflow RCE (CVE-2025-3248), which appeared in active Seqrite telemetry affecting 2,861 customers, confirmed that developer and ML infrastructure are live targets. Governance must extend explicitly to AI orchestration layers, not just end-user AI tools. 

Lagging: AI-related data exposure events 

Leading: % of AI deployments under formal risk assessment and workload identity 

Action Area 6 — Treat security team resilience as a strategic KPI 
 
The MRIS framework classifies security team burnout as a direct operational risk — not an HR concern. In India, the five challenges most cited in Seqrite’s survey are knowledge gaps, workforce shortfalls, budget constraints, low organizational priority, and absent senior management support: a function under-resourced to defend against a threat generating 505 detections per minute. 

SOAR automation targeting 60% automated containment of high-confidence alert classes addresses analyst alert fatigue — the primary attrition driver in Indian SOCs — while simultaneously improving containment speed. Seqrite’s 1:700 ransomware incident-to-detection ratio, with behavioral layers disrupting 699 of every 700 encryption attempts, is the operational case for that investment. 

Career pathway investment in AI-era security skills — threat intelligence analysis, SOAR engineering, identity governance — requires specific development commitment, not just tool exposure. The CISO who loses their best threat analyst to fatigue has not experienced an HR failure. They have experienced a measurable reduction in detection capability. 

Lagging: Key-person attrition rate in the security function 

Leading: Tier-1 triage automation coverage (target: 60%+) 

The board imperative 

Seven Conversations That Cannot Wait 

The CISO’s most consequential work in 2026 is not happening in the SOC. It is happening in the boardroom, in the forty minutes before the agenda moves to quarterly revenue, in the governance conversation that determines whether the resilience architecture gets funded or deferred. The seven messages below are not talking points. They are structural framing that converts operational urgency into governance decisions, grounded in data that boards already receive from their auditors, insurers, and credit analysts. 

Message 1 — The threat has changed in kind, not only degree 
 
Boards that understand the current environment as an intensification of familiar risks are making a category error. CERT-In’s CIAD-2026-0020 advisory and the GTG-1002 campaign documentation describe AI executing 70–90% of tactical attack work autonomously. Frontier AI models have since demonstrated full corporate network takeovers in controlled UK AI Security Institute evaluations. The resource constraint that previously limited sophisticated attacks to nation-state and well-funded criminal actors no longer exists. This is a structural change in the threat population. 

Message 2 — India’s regulators have taken notice 
 
CERT-In, RBI, IRDAI, SEBI, and the newly constituted SEBI cyber-suraksha.ai task force have moved from general guidance to specific AI-era control requirements. CERT-In’s 24-hour patch mandate for internet-facing systems is current, not forthcoming. The DPDP Act creates direct board liability for personal data exposure. Non-compliance is a present exposure, not a future risk. 

Message 3 — Five controls we report as active are no longer effective as sole mitigations 
 
This is the hardest message and the most necessary. Accenture’s 2025 research found that only 13% of organizations possess the technical capabilities to defend against modern AI-driven threats. Boards that believe their current compliance posture reflects their actual risk posture are operating on a measurement gap. Honesty about control insufficiency is itself a governance control. 

Message 4 — Speed is now a security architecture decision 
 
IBM’s 2025 data show that organizations using extensive security AI and automation contained breaches 80 days faster, at USD 1.9 million lower cost, than those that did not. Mean Time to Containment must be a board-reported metric alongside revenue and NPS. The question is not whether the SOC responded — it is whether the SOC contained the incident before the attack cycle was completed. 

Message 5 — AI tool adoption has created an unmanaged attack surface 
 
IBM’s research shows shadow AI appears in 20% of breaches, adding USD 670,000 to average incident costs. The DBIR 2026 shows 45% of employees are now regular AI users, up from 15% a year ago — a fourfold increase that most security inventories have not kept pace with. The AI-Agent Governance investment is the control. 

Message 6 — The investment case is financially grounded 
 
Cyber insurance pricing now reflects AI-era risk profiles. S&P Global Ratings has explicitly linked AI risk management quality to credit assessments — the resilience architecture is now connected to the organization’s cost of capital. IBM’s average breach cost for organizations with high shadow AI exposure was USD 4.74 million. For organizations using extensive security AI defensively, it was USD 3.62 million. The USD 1.12 million difference represents the financial return on the architecture investment, before regulatory fines, reputational damage, or DPDP liability is included. 

Message 7 — AI also strengthens our defenses 
 
The board’s investment conversation is not exclusively a risk conversation. Accenture’s research found that Reinvention-Ready Zone organizations — those with mature strategy and capability — achieved 1.6 times higher ROI on their AI investments overall. Security is not a tax on AI adoption. It is a condition that makes AI adoption sustainable. 

What boards must do differently 
 
Capturing that advantage requires four commitments boards have largely deferred. 

They must co-own AI risk rather than delegating adoption and security decisions entirely to management — a bifurcation that regulators are increasingly naming as an accountability gap. They must fund structural resilience separately from DPDP compliance, which is related but not sufficient on its own. They must place Mean Time to Containment and backup restore-test success rates on the governance dashboard. And they must formally authorize emergency change procedures that give the CISO function authority to act within CERT-In’s 24-hour mandate without convening a change advisory board at 3 AM. That last point is a governance decision. It cannot be delegated to the technology function. 

The resilience-ready enterprise of 2027 

What Acts Now Will Look Different 

The resilience-ready Indian enterprise of 2027 is not defined by a certification or a vendor relationship. It is defined by five operational realities: Mean Time to Containment under 10 minutes for high-confidence alert classes; 95% FIDO2 MFA coverage across privileged human and non-human accounts; SBOM implemented for all critical internally developed software; quarterly AI-scenario tabletops that include Legal, Finance, and Communications alongside security; and an AI-Agent Governance framework that makes the shadow path less convenient than the sanctioned path. 

“Three years from now, a truly resilient Indian enterprise will be one that can continue operating confidently even during a cyberattack or large-scale disruption. Resilience will no longer be measured by preventing every attack, but by how quickly organisations can detect threats, respond intelligently, recover rapidly, and maintain customer trust. AI-driven monitoring, Zero Trust architecture, cyber crisis simulations, and automated incident response will become standard capabilities. To achieve this, organisations must move beyond compliance-led security and adopt a resilience-first mindset — one where cybersecurity is treated as a shared business responsibility, not just the function of the IT or security team.” 

Balwant Singh, Group CISO & DPO, DS Group 

No organization will reach that state through a single transformation program. The ones that get there will have sequenced deliberately: first, audit to identify the controls that can no longer perform at machine speed and acknowledge them honestly in the Statement of Applicability. Second, redesign and replace — not supplement — the controls that cannot keep pace. Third, simulate: build muscle memory for scenarios that have not yet arrived. Fourth, govern: establish visibility over AI tool adoption before the surface becomes too large to map. Fifth, measure and report metrics that reflect actual resilience rather than compliance posture. 

Cisco’s 2025 research found that cybersecurity readiness levels globally remained essentially flat from 2024 despite significant budget increases. The organizations that separate from that stagnation are not the ones spending more; they are the ones spending differently, on the architectural changes that incremental investment cannot achieve. 

The profession is being asked to defend at machine speed with human judgment. That is not a problem that gets solved; it is a permanent condition of the discipline, to be architected around rather than waited out. The analysts sitting in Indian SOCs at 2:47 AM are being asked to make containment decisions within timeframes in which no human can operate reliably. The organizations that understand this build automation that handles the timeframe problem and preserves human judgment for the decisions that require it: context, consequences, escalation, and calls that cannot be automated because they involve accountability. 

This feature began at 2:47 AM, and the kill chain completed faster than human escalation could intercept it. The CISOs who have done the work described in these pages carry a different answer to what happens next. Not because the attack was stopped — it may not have been. But because the blast radius was contained, the notification was ready, the board had rehearsed the scenario three months prior, the backup restored cleanly, and the organization was operational again before the morning news cycle began. 

That is what resilience looks like. Not invulnerability. Continuity. 

Six Resilience metrics for your board 

Purpose: A board-level resilience dashboard for Indian enterprises operating in an AI-accelerated threat environment. These six metrics translate cybersecurity readiness into measurable operational resilience. 

MRIS Board Metric: Mean Time to Containment (MTTC) 
What it measures: Speed at which the SOC isolates and neutralizes high-severity incidents 
Target benchmark: Under 10 minutes for critical alerts 
Why it matters: In AI-assisted attacks, lateral movement now happens in minutes, not hours. Containment speed is becoming the defining resilience metric. 

MRIS Board Metric: Phishing-Resistant MFA Coverage 
What it measures: Adoption of FIDO2/passkeys for privileged identities 
Target benchmark: 95%+ of privileged accounts 
Why it matters: Credential theft remains the dominant attack vector. Passkey-based authentication sharply reduces phishing and session hijack risk. 

MRIS Board Metric: SBOM Coverage 
What it measures: Visibility into software dependencies across internal and third-party applications 
Target benchmark: 95% of own artifacts; 80% of critical suppliers 
Why it matters: Supply-chain compromise and hidden dependencies are now systemic risks. Organizations cannot secure what they cannot inventory. 

MRIS Board Metric: Patch Latency for CISA KEV Listings 
What it measures: Time taken to remediate actively exploited vulnerabilities 
Target benchmark: Under 24 hours for internet-facing systems 
Why it matters: Exploit windows have collapsed dramatically. Attackers weaponize known vulnerabilities within hours of disclosure. 

MRIS Board Metric: Backup Restore-Test Success Rate 
What it measures: Reliability of recovery operations under ransomware conditions 
Target benchmark: 100% monthly tested cadence for Tier-1 systems 
Why it matters: Backups that are not regularly restore-tested are operational assumptions, not resilience controls. 

MRIS Board Metric: Cryptographic Inventory Coverage 
What it measures: Visibility into cryptographic algorithms and vulnerable encryption usage 
Target benchmark: 80% of production systems inventoried within 12 months 
Why it matters: Post-quantum migration begins with discovery. Most enterprises still lack a baseline inventory of cryptographic exposure. 

Note: Traditional cybersecurity KPIs measured prevention efficiency. MRIS metrics measure organizational survivability under machine-speed attacks. 

Sources 

CERT-In Annual Report and Advisories 2025–26 • CERT-In Advisory CIAD-2026-0020 • Seqrite Annual Threat Report 2025 • Accenture State of Cybersecurity Resilience 2025 • IBM Cost of a Data Breach Report 2025 • Cisco Cybersecurity Readiness Index India 2025 • Verizon Data Breach Investigations Report 2026 • Palo Alto Networks Unit 42 Threat Intelligence • UK AI Security Institute Capability Evaluations 2026 • Anthropic Project Glasswing Research 2026 • S&P Global AI Risk and Credit Assessment 2026 • SEBI cyber-suraksha.ai Circular, May 2026 • RBI Master Directions on Cyber Resilience 2024 • IRDAI Cybersecurity Guidelines 2026 

Author