Tata Motors’ CISO Dr. Pawan Sharma highlights cyber resilience as a strategic advantage, blending global frameworks, agility, and employee awareness.
As cyberattacks become increasingly complex and widespread, modern enterprises must think beyond protection—they must prepare to adapt, respond, and recover in real time. For Dr. Pawan Sharma, Chief Information Security Officer at Tata Motors, cyber resilience isn’t just a technical imperative—it’s a business enabler. With a legacy brand operating across global markets and intricate supply chains, Tata Motors requires a security strategy that is both agile and robust.
In this exclusive conversation with CISO Forum, Dr. Sharma shares how the company measures and nurtures cyber resilience by combining global standards, such as NIST and ISO, with hands-on threat intelligence, rapid response systems, and a deeply embedded culture of employee awareness. From managing third-party risks and incident response to transforming human capital into a “human firewall,” his approach reflects the maturity and foresight required in today’s high-stakes cybersecurity environment. Dr. Sharma’s insights offer a rare behind-the-scenes look into how one of India’s automotive giants stays secure, prepared, and relentlessly resilient.

Dr. Pawan Sharma, Chief Information Security Officer, Tata Motors
CISO Forum: How do you define and measure cyber resilience in your organisation, and what frameworks guide your approach?
Dr. Pawan Sharma: Cyber resilience is our ability to sustain operations despite cyber threats. It goes beyond prevention and focuses on early detection, timely response, swift recovery, and continuous adaptation to evolving risks. We measure it using key metrics, such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), as well as employee awareness indicators, including training completion rates and phishing simulation outcomes. Our approach is guided by global standards, including the NIST Cybersecurity Framework, ISO 27001, and ISO 22301.
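The metrics named above can be computed from incident and awareness records. The following is an added example, not code from Tata Motors or from the interview; the incident timestamps and phishing results are constructed, and MTTR is assumed to run from detection to resolution.

```python
# Added example: computing MTTD, MTTR and awareness indicators from
# constructed records. Not from the interview; all data below is made up.
from datetime import datetime
from statistics import mean

# Constructed incident log: when attacker activity began, when it was
# detected, and when it was resolved (None = still open).
INCIDENTS = [
    {"id": "INC-1", "severity": "high", "started": "2024-03-01T08:00:00",
     "detected": "2024-03-01T09:30:00", "resolved": "2024-03-01T15:30:00"},
    {"id": "INC-2", "severity": "low", "started": "2024-03-05T10:00:00",
     "detected": "2024-03-05T10:15:00", "resolved": "2024-03-05T11:15:00"},
    {"id": "INC-3", "severity": "high", "started": "2024-03-09T02:00:00",
     "detected": "2024-03-09T12:00:00", "resolved": None},  # still open
]

# Constructed phishing-simulation results, one row per employee.
PHISHING = [
    {"user": "u1", "clicked": False, "reported": True, "training_done": True},
    {"user": "u2", "clicked": True, "reported": False, "training_done": False},
    {"user": "u3", "clicked": False, "reported": False, "training_done": True},
    {"user": "u4", "clicked": True, "reported": True, "training_done": True},
]


def _hours(later, earlier):
    return (datetime.fromisoformat(later) - datetime.fromisoformat(earlier)).total_seconds() / 3600


def detection_and_response_hours(incidents, severity=None):
    """Return MTTD and MTTR in hours, optionally for one severity.
    MTTD counts every detected incident; MTTR (assumed: detection to
    resolution) counts only closed ones, and the number of open incidents
    is reported so a slow, unfinished response is not silently dropped."""
    rows = [i for i in incidents if severity is None or i["severity"] == severity]
    ttd = [_hours(i["detected"], i["started"]) for i in rows]
    closed = [i for i in rows if i["resolved"]]
    ttr = [_hours(i["resolved"], i["detected"]) for i in closed]
    return {"mttd_h": mean(ttd) if ttd else None,
            "mttr_h": mean(ttr) if ttr else None,
            "open": len(rows) - len(closed)}


def awareness_indicators(results):
    """Phishing click rate, report rate and training completion, in percent."""
    n = len(results)
    return {"click_rate": 100 * sum(r["clicked"] for r in results) / n,
            "report_rate": 100 * sum(r["reported"] for r in results) / n,
            "training_completion": 100 * sum(r["training_done"] for r in results) / n}
```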
CISO Forum: When systems are compromised, what’s your strategy for maintaining business continuity while ensuring complete threat eradication?
Dr. Pawan Sharma: We isolate affected systems immediately to prevent spread, while activating backup environments to maintain continuity. A detailed root cause analysis follows, leading to targeted remediation—patching, cleansing, and reinforcing controls. Regular drills and simulations ensure readiness, and incident response plans are continually refined based on lessons learned. Stakeholder communication remains clear and consistent throughout.
CISO Forum: How do you build security programs that can quickly adapt to new attack methods and unknown threats?
Dr. Pawan Sharma: We take a proactive and agile approach to security. Real-time monitoring and up-to-date threat intelligence enable early detection and rapid response to threats. Regular reviews of security controls and incident response plans ensure alignment with evolving risks and threats, thereby maintaining optimal security posture. Employee training reinforces awareness, while our flexible architecture allows for quick reconfiguration as new threats emerge.
CISO Forum: How are you building resilience against threats that arise from vendors, partners, and third-party dependencies?
Dr. Pawan Sharma: We follow a structured, risk-based approach to third-party security. This includes pre-engagement assessments, clearly defined cybersecurity requirements, and contractual safeguards like audit rights. Access to systems is strictly need-based, and we conduct regular audits to ensure compliance. We also monitor the supply chain for vulnerabilities, extend awareness programs to our partners, and maintain contingency plans to ensure business continuity in the event of a breach.
CISO Forum: What role do your employees play in your resilience strategy, and how do you prepare them for their part in cyber defense?
Dr. Pawan Sharma: Employees play a critical role in an organisation’s resilience strategy, particularly in the context of cybersecurity. As the first line of defense, their awareness and day-to-day actions can significantly influence the organisation’s ability to prevent, detect, and respond to security threats.
We invest in ongoing education and training programs to equip employees with the knowledge and tools needed to identify and report suspicious activity. This includes simulated phishing exercises, role-based security training, and regular updates on emerging threats and best practices. Clear guidelines are in place to ensure the secure handling of sensitive information, and we foster a culture of cyber awareness across all levels of the organisation. By embedding cybersecurity into daily routines and decision-making, we build a strong human firewall that complements our technical safeguards. This integrated approach ensures that every employee contributes meaningfully to our overall cyber resilience.
CISO Forum: How do you learn from security incidents and near-misses to strengthen your organisation’s overall cyber resilience?
Dr. Pawan Sharma: We treat every incident and near-miss as a learning opportunity. Post-event reviews help us identify root causes, assess response effectiveness, and uncover gaps in systems, processes, or user behaviour. These insights drive updates to policies, tools, and training.
Real-life examples are used in employee awareness programs, while regular drills and simulations ensure that employees are prepared. We also track patterns, encourage open reporting, and collaborate with industry peers to stay ahead of emerging threats. This continuous feedback loop strengthens our overall cyber resilience.