Risk Management in the Digital Era: A CISO’s Approach to Balancing Innovation and Compliance

Mr. Manmeet Thakur, Group CISO & DGM IT, Astral Limited

The digital transformation in India is accelerating, reshaping industries and driving new growth opportunities. As businesses move towards increased digitisation, the role of Chief Information Security Officers (CISOs) becomes critical in balancing innovation with the need for robust cybersecurity and regulatory compliance. For Indian enterprises, especially in sectors like finance, healthcare, and manufacturing, achieving this balance is no longer optional but essential to survival in a rapidly evolving digital landscape.

The Growth of Digital Transformation and Cybersecurity Risks

India’s digital economy is projected to grow to $1 trillion by 2025, driven by technological advancements such as artificial intelligence (AI), the Internet of Things (IoT), and cloud computing. This shift has led to unprecedented efficiencies and consumer conveniences but has also expanded the attack surface for cybercriminals. A 2023 report indicated 79 million cyberattacks in India alone, highlighting the urgent need for strengthened cybersecurity measures across industries.

The adoption of digital technologies introduces unique risks. AI and machine learning are revolutionising operations, yet they also pose challenges related to data privacy, model bias, and explainability. Similarly, the proliferation of IoT devices has increased the number of network endpoints vulnerable to attack. For CISOs in India, navigating these risks while enabling technological innovation is a complex but vital task.

Balancing Innovation and Compliance: A Strategic Imperative

CISOs in India face the challenge of ensuring that digital innovation does not come at the expense of security or compliance. The Personal Data Protection Bill (PDPB) and the Reserve Bank of India’s cybersecurity guidelines impose strict requirements on data protection and privacy, with non-compliance resulting in significant penalties and reputational damage. However, focusing solely on regulatory adherence can stifle innovation.

To manage this dichotomy, CISOs must adopt a compliance-by-design approach, ensuring security and regulatory requirements are integrated into all digital initiatives from the ground up. This strategy not only addresses compliance needs but also ensures that innovation continues to drive business competitiveness.

Proactive Risk Management: A Leadership Mandate

In today’s threat landscape, CISOs must adopt a proactive approach to risk management, focusing not only on reacting to incidents but on preventing them before they occur. According to IBM’s 2022 report, the average cost of a data breach in India has reached ₹179 million in 2023, underscoring the need for a forward-thinking risk management strategy.

1. Fostering a Culture of Security Awareness

One of the key pillars of proactive risk management is cultivating a culture of security awareness across the organisation. Human error remains one of the primary causes of data breaches, and regular employee training on cybersecurity best practices can significantly reduce this risk. A report claims that 88% of data breaches are attributable to human error, emphasising the need for ongoing education.

CISOs must engage all levels of the organisation in cybersecurity efforts, ensuring that each employee understands their role in safeguarding sensitive data. By conducting regular phishing simulations and awareness campaigns, organisations can minimise risks associated with social engineering attacks.

2. Integrating Compliance and Innovation

For businesses to succeed in the digital era, innovation must be coupled with strict compliance protocols. With regulatory frameworks such as the PDPB expected to come into force soon, ensuring that data privacy and protection standards are met is paramount. The compliance-by-design approach allows organisations to integrate security measures into every aspect of their digital strategy.

This integration is especially important in industries like financial services, where digital transactions have skyrocketed. CISOs must ensure that these services comply with data security standards, such as RBI’s cybersecurity norms, while continuing to innovate in areas like mobile banking and digital wallets.

3. Leveraging AI and Automation for Risk Mitigation

AI plays a dual role in today’s cybersecurity landscape: it presents both risks and solutions. To mitigate risks such as AI model inversion or data poisoning, CISOs must deploy AI explainability frameworks and ensure transparency in how AI systems are designed and operated. On the flip side, AI-driven security tools can significantly enhance an organisation’s ability to detect and respond to threats in real time.

A Capgemini report revealed that 69% of Indian organisations using AI for cybersecurity have reported improved threat detection. Automation tools like security orchestration, automation, and response (SOAR) can further streamline incident response, allowing security teams to focus on strategic tasks rather than routine threat monitoring.

Addressing Cloud and IoT Security Challenges

The adoption of cloud and IoT technologies has created significant efficiencies for Indian businesses but has also introduced new security challenges. The International Data Corporation (IDC) forecasts that India's public cloud services market will expand significantly, reaching $13.5 billion by 2026, up from $4.6 billion in 2021. Managing these new technologies requires a cloud-first security approach, focusing on encryption, access control, and continuous monitoring.

In addition to cloud security, organisations must secure their IoT networks. This requires CISOs to implement robust endpoint protection strategies, ensuring that connected devices in sectors like healthcare and manufacturing do not become weak points in the network.

Building a Resilience Architecture

Building a resilient cybersecurity architecture is essential for organisations to recover quickly from cyberattacks and minimise downtime. A multi-layered security architecture that includes disaster recovery and business continuity plans ensures that organisations can continue operations even in the face of a major security breach.

By implementing network segmentation, real-time monitoring, and backup solutions, CISOs can create an environment that is both secure and adaptable to evolving threats.

Conclusion: Leading India’s Digital Transformation

As India’s digital transformation accelerates, CISOs are tasked with balancing innovation with stringent security and compliance requirements. By fostering a culture of security awareness, leveraging AI for risk mitigation, and building resilient architectures, Indian CISOs can lead their organisations into a future where innovation and security coexist. This proactive approach not only ensures compliance but also positions organisations to thrive in the increasingly competitive digital landscape.

The Journey Into Industry

Mr Manmeet Thakur is an acclaimed technology and business leader currently serving as the CISO and DGM IT at Astral Limited. With over 19 years of distinguished industry experience, Mr Thakur has established himself as a top CIO and CISO, recognized for his strategic vision and innovative approach to digital transformation and cybersecurity.

Mr Manmeet Thakur’s career trajectory includes pivotal roles such as Group CISO and Head IT at Indian Energy Exchange (IEX/IGX), where he significantly enhanced the organisation's cybersecurity posture and drove impactful digital initiatives. Prior to IEX, he excelled as the Head of Cloud CoE, IT Infrastructure, and Security at Clix Capital, and led Cloud CoE, Security and Datacenter Operations at DHFL Pramerica Life Insurance. His tenure at Innodata Inc. and other notable companies like CMS Info Systems and 3i Infotech further exemplifies his expertise in IT infrastructure and risk management.

An influential speaker and cyber evangelist, Mr. Thakur is renowned for his ability to harness emerging technologies, including AI and cloud computing, to drive operational excellence and regulatory compliance. His accolades include being ranked among the Top 100 CISOs by IDC and CISO Platform, and receiving the Most Promising and Innovative CIO Award in 2023 from CIOAXIS.