What’s Keeping India Inc Up at Night?

India’s top cybersecurity leaders reveal their priorities and strategies for 2025

IN THE quiet hours of a Monday morning, as trading floors buzz to life and office lights flicker on across Mumbai’s financial district, Maya Gupta confronts an unsettling reality. The Chief Information Security Officer’s screen displays what has become an increasingly common sight: evidence of an artificial intelligence-driven attack probing her firm’s defenses. It is a stark reminder that the cybersecurity landscape of 2025 bears little resemblance to that of even a few years ago.

The rise of AI-powered threats marks a watershed moment for corporate security. No longer can firms rely on traditional defenses against conventional attacks. Today’s cyber adversaries deploy sophisticated algorithms that mimic human decision-making, probing networks with unprecedented precision. The stakes for companies have never been higher as regulations tighten and boards demand both ironclad security and business agility.

This new reality has transformed the role of the Chief Information Security Officer (CISO) from a technical specialist to a strategic leader. Our analysis, drawing on conversations with senior security executives, reveals ten critical priorities reshaping corporate defense in 2025.

1. The AI paradox

No challenge looms larger than artificial intelligence’s dual role as both sword and shield. While security teams harness AI to automate threat detection and response, criminals exploit the same technologies to orchestrate increasingly sophisticated attacks. Gartner, a research firm, projects that by 2027, over 40% of AI-related data breaches will originate from the improper use of generative AI across international borders. The swift adoption of these technologies has outpaced the development of governance frameworks, creating vulnerabilities that attackers eagerly exploit.

According to the study, the speedy adoption of GenAI technologies by end-users has outpaced the development of data governance and security measures, raising concerns about data localization due to the centralized computing power required to support these technologies.

AI enables attackers to create deepfakes, AI-driven phishing attacks, and automated malware that bypass traditional security measures. CISOs must invest in AI-driven security solutions to counteract these threats and automate their defenses.

According to Gartner, the lack of consistent global best practices and standards for AI and data governance exacerbates challenges by causing market fragmentation and forcing enterprises to develop region-specific strategies. This can limit their ability to scale operations globally and benefit from AI products and services.

2. Regulatory complexity and data sovereignty

The regulatory landscape has become more complex with the introduction of India’s Digital Personal Data Protection Act (DPDPA), joining established frameworks like Europe’s GDPR. These regulations impose stringent requirements on data localization, breach notifications, and consent management, forcing multinational firms to navigate a complex web of compliance mandates. The challenge is particularly acute for organizations operating across borders, as data sovereignty rules fragment global operations.

The DPDPA mandates that organizations process digital personal data within India and obtain explicit consent before data collection and processing. Non-compliance carries substantial financial penalties, compelling firms to reassess and strengthen their data handling practices.

A critical aspect of these regulations is data localization, which requires companies to store and process data within national boundaries. This presents significant operational challenges, especially for multinationals that rely on seamless cross-border data flows. Additionally, stringent breach notification requirements necessitate robust incident response mechanisms to mitigate risks and regulatory repercussions.

Consent management frameworks are equally crucial, as they empower individuals to control their data. Organizations must implement transparent processes to obtain, manage, and document user consent—ensuring compliance while fostering trust. Beyond regulatory adherence, a well-structured consent strategy enhances customer relationships by prioritizing data privacy and transparency.

Pawan Chawla, Chief Information Security Officer and Data Privacy and Protection Officer at Tata AIA Life Insurance Company, emphasizes, “It is essential first to understand compliance and build a compliance versus a competitive advantage, which you can get from the data.” His perspective highlights a strategic opportunity—leveraging compliance as a differentiator to turn regulatory obligations into a competitive edge.

CISOs play a pivotal role in developing comprehensive governance and compliance programs. This includes conducting regular audits, implementing advanced data protection technologies, and fostering a culture of privacy awareness within organizations. By proactively addressing these challenges, companies can navigate the evolving regulatory landscape, safeguard sensitive information, and maintain stakeholder trust in an increasingly data-driven world.

3. The supply chain vulnerability

Ransomware attacks have evolved beyond targeting individual organizations to exploiting vulnerabilities within supply chains. OpenText’s 2024 Global Ransomware Survey reveals that 90% of Indian firms experienced ransomware breaches linked to supply chain partners over the past year. The attack on software provider Blue Yonder, which disrupted operations for major retailers such as Starbucks and Morrisons, underscores the growing threat.

Gartner warns that organizations failing to address third-party risks will face heightened exposure to cyber extortion and operational disruptions. As Ravi Prakash Burlagadda, Senior Vice President—Information Security at Jio Platforms, observes, “Ransomware-as-a-service is becoming popular, with attackers targeting the weakest link—whether it’s technology, people, or the supply chain.”

To counter these threats, businesses are adopting zero-trust security frameworks, strengthening third-party risk management, and enhancing endpoint detection and response (EDR) solutions. OpenText’s report also highlights growing concerns about the role of generative AI in cyberattacks, enabling adversaries to craft more sophisticated phishing campaigns and automated exploits.

Moving forward, continuous security monitoring, stricter compliance requirements, and rigorous vendor security assessments will be critical in mitigating supply chain ransomware risks. Organizations must shift from reactive security strategies to proactive, intelligence-driven defenses to protect critical data and maintain operational resilience.

4. Identity: The new perimeter

As traditional security boundaries dissolve in an era of remote work and cloud computing, identity management has become the new frontline of cyber defense. “Sixty-eight percent of breaches happen due to identity compromise. Simple two-factor authentication is no longer enough,” notes Ashis Rout of HDFC Bank. Organizations are rapidly adopting zero-trust architectures, treating every access request with skepticism regardless of its origin.

Enterprises integrate multi-factor authentication (MFA), biometric verification, and identity threat detection and response (ITDR) solutions to counter these threats. The Cloud Security Alliance highlights that external identities are projected to outnumber internal ones by a ratio of 3:1, making B2B identity security a critical priority.

As attackers refine their tactics, CISOs must leverage AI-driven security models, real-time analytics, and automated threat detection to enhance Identity and Access Management (IAM) frameworks and ensure resilience in an increasingly complex cyber landscape.

5. The human factor persists

Despite technological advances, human error remains a critical vulnerability. Verizon’s research indicates that 74% of security breaches involve human elements. Social engineering attacks have grown more sophisticated, exploiting psychological vulnerabilities that technology alone cannot address.

Phishing, in particular, has become increasingly sophisticated, with cybercriminals employing advanced techniques to deceive individuals. As Pradipta Patro, Head of Cyber Security & IT Platform at KEC International, observes, “People continue to fall for phishing attacks due to the free culture—free offers, free incentives, and free deals.” This exploitation of human psychology underscores the necessity for comprehensive security measures that address behavioral vulnerabilities.

To combat these threats, organizations are implementing multifaceted strategies:

  1. Security awareness training: Educating employees about potential threats and safe practices is paramount. Interactive programs, including videos, games, and quizzes, have been shown to enhance engagement and retention. Proofpoint highlights that 59% of security professionals believe that interactive training significantly boosts the effectiveness of security awareness programs.
  2. Phishing simulations: Conducting simulated phishing attacks allows employees to practice identifying and responding to malicious emails in a controlled environment. These exercises reinforce training and help assess the organization’s vulnerability to phishing. Research indicates that such simulations can reduce phishing susceptibility over time.
  3. Behavioral analytics: Utilizing advanced analytics to monitor user behavior can help detect anomalies indicative of potential security threats. Organizations can identify deviations that may signal compromised accounts or insider threats by establishing baseline behavior patterns. This proactive approach enables timely intervention before incidents escalate.

These strategies foster a culture of vigilance and resilience against social engineering attacks. Organizations can significantly reduce the risk of data breaches stemming from human error by addressing the human element through continuous education, practical simulations, and behavioral monitoring.

6. The skills gap challenge

A global shortage of four million cybersecurity professionals has forced organizations to rethink their approach to security operations. Many are turning to managed services and automation, with Gartner projecting 20% annual growth in Managed Detection and Response adoption. This shift represents a fundamental change in how organizations approach security operations.

As cyber threats evolve, organizations struggle to fill key security roles, forcing Chief Information Security Officers (CISOs) to rethink their approach to security operations. Instead of relying solely on in-house teams, many enterprises are shifting toward managed security services and automation to bridge the skills gap and enhance security resilience.

7. The complexity of multi-cloud and hybrid environments

The rapid adoption of multi-cloud and hybrid infrastructures has significantly expanded organizational attack surfaces, making visibility and control over data and applications more challenging. The complexity of managing security in these environments is further compounded by the rise of shadow IT, where business units independently onboard cloud-based applications without IT oversight or control. As Ambarish Kumar Singh, Chief Information Security Officer at Godrej & Boyce Manufacturing Company, highlights, “With the cloud, you don’t even realize when business teams onboard a SaaS application that collects sensitive data.”

To address these challenges, CISOs are prioritizing the implementation of cloud security frameworks to mitigate risks associated with unauthorized applications, data leakage, and compliance violations.

One of the primary strategies involves Cloud Access Security Brokers (CASBs), which act as intermediaries between users and cloud service providers. CASBs provide visibility, policy enforcement, and threat protection, helping organizations detect unauthorized cloud applications and enforce security controls. Gartner predicts that CASB adoption will surge as enterprises seek to combat the risks associated with shadow IT and unauthorized SaaS deployments.

Additionally, organizations are tightening governance around shadow IT by enforcing stricter policies that mandate security assessments and IT approvals for all third-party applications. Many enterprises deploy automated discovery tools that scan network traffic to detect and block unapproved cloud services.

Continuous monitoring and real-time risk assessment are also becoming standard. These measures leverage AI-driven analytics and behavioral anomaly detection to identify security threats across multi-cloud environments, ensuring organizations maintain a strong security posture despite the growing complexity of hybrid cloud adoption.

8. Aligning security with business priorities

Effective communication between CISOs and board members is crucial for aligning cybersecurity initiatives with organizational objectives. To achieve this, CISOs must employ strategies that translate technical risks into business terms, facilitating informed decision-making at the executive level.

  • Risk quantification: Transforming cyber risks into financial metrics enables boards to grasp the potential impact of security threats. Organizations can prioritize investments and allocate resources effectively by assessing and calculating the likely financial impact of cyber threats. This approach provides a clear understanding of which risks to address based on their potential economic consequences.
  • Security ROI measurement: Demonstrating the return on investment (ROI) for cybersecurity expenditures is essential for justifying budget allocations. Utilizing models like the Gordon–Loeb Model, which analyzes the optimal level of investment in information security, can help determine the most cost-effective allocation of resources. This model suggests that organizations invest up to 37% of the expected loss from security breaches to achieve optimal protection.
  • Executive reporting frameworks: Implementing structured reporting mechanisms ensures that cybersecurity updates are consistently communicated to the board. Frameworks such as ISO/IEC 27004 provide guidelines for monitoring, measuring, analyzing, and evaluating an organization’s information security management system. These standards help present data-driven insights that resonate with executive concerns, facilitating strategic discussions around risk management.
  • Strategic alignment: Integrating cybersecurity efforts with the organization’s strategic goals ensures that security measures support business growth and resilience. By aligning security initiatives with business objectives, CISOs can advocate for cybersecurity as a value driver rather than a cost center. This alignment fosters a proactive security posture that adapts to evolving threats while enabling innovation and driving business growth.
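An added example, not part of the original article: the Gordon–Loeb calculation behind the 37% figure, using the class-I breach probability function from Gordon and Loeb's paper, S(z, v) = v / (αz + 1)^β. The function names and all parameter values (vulnerability v, loss L, productivity parameters α and β) are constructed for illustration; the sweep shows that the optimal spend z* stays below 1/e (about 36.8%) of the expected loss v·L and is often well under it.

```python
def breach_probability(z, v, alpha, beta):
    """Class-I security breach function: S(z, v) = v / (alpha*z + 1)**beta.

    z is the security spend, v the breach probability with no spend at all.
    """
    return v / (alpha * z + 1) ** beta


def expected_net_benefit(z, v, loss, alpha, beta):
    """ENBIS(z) = (v - S(z, v)) * L - z: expected loss avoided minus the spend."""
    return (v - breach_probability(z, v, alpha, beta)) * loss - z


def optimal_investment(v, loss, alpha, beta):
    """Closed-form maximiser of ENBIS for the class-I function.

    Setting d(ENBIS)/dz = 0 gives alpha*beta*v*L = (alpha*z + 1)**(beta + 1).
    When alpha*beta*v*L <= 1 the first unit of spend already costs more than
    it saves, so the optimum is to spend nothing.
    """
    k = alpha * beta * v * loss
    if k <= 1:
        return 0.0
    return (k ** (1 / (beta + 1)) - 1) / alpha


def max_ratio_over_grid():
    """Largest z* / (v*L) observed over a constructed parameter grid."""
    worst = 0.0
    for v in (0.05, 0.2, 0.5, 0.8, 1.0):
        for loss in (1e5, 1e6, 1e7, 1e8):
            for alpha in (1e-7, 1e-6, 1e-5, 1e-4):
                for beta in (0.5, 1, 2, 5, 20, 50):
                    z_star = optimal_investment(v, loss, alpha, beta)
                    worst = max(worst, z_star / (v * loss))
    return worst


if __name__ == "__main__":
    # Constructed scenario: 65% breach probability, 400,000 potential loss.
    v, loss, alpha, beta = 0.65, 400_000, 1e-5, 1.0
    z_star = optimal_investment(v, loss, alpha, beta)
    print(f"expected loss v*L        : {v * loss:,.0f}")
    print(f"optimal spend z*         : {z_star:,.0f}")
    print(f"z* as share of v*L       : {z_star / (v * loss):.1%}")
    print(f"residual breach prob.    : {breach_probability(z_star, v, alpha, beta):.3f}")
    print(f"net benefit at z*        : {expected_net_benefit(z_star, v, loss, alpha, beta):,.0f}")
    print(f"max share over the grid  : {max_ratio_over_grid():.1%} (ceiling 36.8%)")
```

The 37% figure is an upper bound on justified spend under the model's assumptions, not a target; in the constructed scenario the optimum is roughly 24% of the expected loss.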

In summary, CISOs can enhance board engagement and support by quantifying risks in financial terms, measuring the return on investment (ROI) of security investments, adopting standardized reporting frameworks, and aligning cybersecurity with strategic business objectives. This comprehensive approach strengthens the organization’s security posture and ensures that cybersecurity initiatives are recognized as integral to business success.

9. Securing emerging technologies

The rapid growth of IoT, 5G, and quantum computing introduces new attack vectors. Organizations must prepare for quantum threats while securing an expanding network of connected devices, blockchain implementations, and edge computing.

  • IoT Security: Expanding attack surfaces demand robust frameworks that incorporate device authentication, encryption, and secure communication protocols, such as MQTT and CoAP.
  • 5G Protection: While enhancing security, 5G introduces new risks via MEC and network slicing. Zero-trust models, AI-driven anomaly detection, and strong identity management are crucial.
  • Quantum-ready encryption: Quantum computing poses a threat to RSA and ECC encryption. Organizations must adopt NIST-recommended post-quantum cryptographic algorithms.
  • Blockchain security: Emerging threats, such as quantum decryption and smart contract vulnerabilities, call for quantum-safe solutions that utilize lattice-based cryptography and hash-based signatures.

To navigate this evolving threat landscape, security leaders must implement adaptive, future-ready frameworks to ensure resilience.

10. Rising threat of state-sponsored cyber attacks

Amid escalating geopolitical tensions, state-sponsored cyber attacks have intensified. Russian attacks on Ukrainian infrastructure surged 70% in 2024, while threats from China, Iran, and North Korea have grown more sophisticated. Unlike financially motivated cybercriminals, nation-state actors employ advanced, persistent tactics, making them harder to detect and mitigate.

The convergence of cyber warfare and geopolitics has also heightened risks to operational technology (OT) and industrial control systems (ICS), posing significant threats to public safety. To counter these evolving threats, CISOs are adopting proactive security strategies:

  • Enhanced threat intelligence: Leveraging intelligence platforms and government collaborations for real-time insights into nation-state attack tactics.
  • Zero-trust security: Implementing MFA, endpoint detection, and network segmentation to prevent unauthorized access.
  • Incident response preparedness: Conducting cyberattack simulations and regular security drills for swift breach mitigation.
  • Employee awareness: Training staff on phishing, deepfake threats, and social engineering to reduce susceptibility to targeted attacks.

As geopolitical cyber threats escalate, CISOs are prioritizing vigilance, enhancing intelligence-sharing, and refining response strategies to safeguard businesses from nation-state attacks.

11. Strengthening cybersecurity through collaboration

In an interconnected digital world, CISOs face the challenge of defending against increasingly sophisticated cyber threats. No organization can combat these threats alone—strategic collaboration between enterprises, governments, and industry groups has become essential for strengthening cybersecurity defenses. By sharing threat intelligence, enhancing incident response, and aligning security strategies, organizations can build resilience against evolving attacks.

On a global scale, alliances such as the International Multilateral Partnership Against Cyber Threats (IMPACT), backed by the United Nations, underscore the importance of international cooperation. As the largest cybersecurity alliance comprising 152 countries, IMPACT facilitates the sharing of real-time intelligence and the coordination of responses to cyber incidents.

For CISOs, the challenge lies in fostering these collaborations while navigating regulatory complexities, ensuring data privacy, and aligning security priorities across diverse stakeholders. As cyber threats become increasingly persistent and state-sponsored attacks escalate, strengthening partnerships remains crucial to building a more resilient and secure digital ecosystem.

The way forward

The cybersecurity landscape of 2025 demands a fundamental shift in how organizations approach digital defense. Success requires more than better technology – it requires strategic vision, business alignment, and the ability to anticipate threats before they materialize.

For CISOs, the mandate is clear: Transform security from a cost center into a business enabler that drives innovation while ensuring resilience. In an era where a single breach can erase billions in market value, cybersecurity isn’t just about protection – it’s about business survival.
