India’s leading enterprises are embedding cybersecurity into their DNA, transforming what was once seen as a cost center into a strategic advantage. From banking to telecom, CISOs are no longer just protecting systems. They are shaping resilience that drives revenue, strengthens brand value, and inspires customer loyalty in a digital-first economy.
Advertisement
This shift is grounded in hard numbers. The average cost of a data breach in India reached $2.18 million in 2023. That was a 28% increase since 2020, according to the RBI. By 2025, IBM’s Cost of a Data Breach Report places the figure even higher at roughly ₹22 crore per breach. With the financial impact rising year over year, enterprises have little room to treat cybersecurity as a back-office function.
It was against this backdrop that cyber leaders from India’s most influential enterprises convened at a CXO boardroom dialogue hosted by Forbes India and Wipro. Centered on the theme “Secure by Design: At the Core of Cyber Resilience,” the discussion brought together some of the country’s most respected security voices: Sameer Ratolikar, CISO, HDFC Bank; Suresh Sharma, Group CISO, Motilal Oswal Financial Services Ltd.; Abhijit Chakravarty, Executive Vice President - Networks & Cyber Security, Kotak Mahindra Bank; Gaurav Duggal, SVP IT & Security, Jio; Vishal Dixit, India Country Head, Wipro; and Aathir Ahad, VP & CISO, Wipro.
Collectively, they explored a transformation long underway but now impossible to ignore - cybersecurity’s rise from a back-end safeguard to a front-line business driver shaping trust, growth, and enterprise resilience.
The New Calculus of Risk
If trust is the new currency of the digital economy, then security is the mint that produces it.
“Cyber risk is business risk,” says Sameer Ratolikar. This statement has moved from a warning to an operating principle. The question now is not whether security matters, but how organizations convert security into trust.
Advertisement
That shift is visible in how customer protection is being reimagined. Traditional safeguards like SMS OTPs are increasingly vulnerable, adding friction without delivering certainty. To protect customers and retain their confidence, security can no longer be an afterthought. Next-generation technologies are expected to secure transactions invisibly while delivering a faster, safer, and more seamless experience. This is why India’s largest enterprises now treat “secure by design” as non-negotiable.
Measuring the Value of Secure by Design
This raises an important question for leaders: how do you quantify the value of security when most of its success is invisible? “The answer lies in measuring ROSI - Return on Security Investment,” notes Vishal Dixit. Secure by design embeds protection at the inception of a product or platform, rather than bolting it on at the end. That early investment yields measurable returns in the form of fewer outages, faster customer response, and reduced incidents that might otherwise derail growth. Most importantly, it translates directly into trust. Enterprises that experience fewer breaches are perceived as more robust, and in markets where customers can switch services with a tap, resilience becomes revenue.
Nowhere is this more evident than in banking. “At Kotak Mahindra Bank, every technology upgrade is evaluated through Speed, Simplicity, and Trust,” explains Abhijit Chakravarty. This SST model isn’t just a catchy acronym; it’s a practical filter used to assess everything from product rollouts to cloud adoption to changes in customer-facing digital journeys.
Read More
The stakes justify the rigor. A banking app moving millions of transactions daily cannot afford friction, let alone a breach capable of eroding years of customer confidence. In such an environment, organizations that embed security from the outset don’t just protect themselves. They gain agility, scale faster, and build a depth of trust that competitors struggle to match.
This philosophy extends beyond financial services. At Wipro, resilience begins with a “Client Zero” approach. The company deploys every solution internally before it reaches a customer. This Client Zero approach delivers two strategic benefits. First, it helps business teams take products to market faster because issues are identified and resolved internally before customer deployment. Second, it enhances customer trust. As Wipro’s Aathir Ahad puts it, “When customers see that the same technology protecting them is already securing us, they trust us more. What we sell isn’t just tested. It’s lived.”
Advertisement
Taken together, these shifts indicate that enterprises that integrate security into every layer, from design to deployment, are safer, stronger, and better positioned to earn long-term customer trust.
AI-Led Resilience
To realise the “Secure by Design” philosophy, Artificial Intelligence is playing a powerful role, especially in a country where mobile is the dominant digital touchpoint. India’s digital ecosystem is overwhelmingly mobile-first, and that raises the bar for resilience dramatically. A user in a tier-2 city completing a payment on patchy bandwidth expects the same frictionless security as a trader in Mumbai on high-speed fiber. Delivering this consistency across diverse devices, networks, and usage patterns is one of the toughest trust challenges Indian enterprises face.
This is why leaders are re-architecting intelligence and control with AI at the core.
At Motilal Oswal, Suresh is championing technological self-reliance: “We build our own AI engines and prediction capabilities… control is now in our hands.” By owning their AI stack, the organization gains the ability to detect threats faster, govern with greater precision, and secure high-velocity environments like trading, where milliseconds matter.
Jio is pursuing a similar AI-driven approach. Gaurav’s team uses data-science-powered red teaming to simulate attacks before they materialize, shifting the enterprise from reactive defense to proactive anticipation. In a market where mobile usage spikes unpredictably and threats evolve continuously, this predictive posture is non-negotiable.
Advertisement
AI is also redefining threat modeling in profound ways. As Aathir explained, “Early adoption of AI has made our threat modelling far more refined at an early stage. Instead of waiting for anomalies to surface, AI systems now identify exposure windows, behavioral deviations, and attack patterns long before traditional tools can detect them.”
But AI doesn't come without new vulnerabilities. As Gaurav pointed out, organizations are so focused on what Agentic AI can do that they often overlook what it can expose. He warns that next-generation AI systems may leak personal data not through breaches, but through intent-driven interactions. For instance, users relying on AI-enabled browsers to make purchases could unknowingly reveal sensitive information. Not because an attacker stole it, but because the system shared it by design.
This is a perfect example of why “secure by design” is essential. Because AI also introduces new, invisible, intent-driven risks that most enterprises aren't prepared for.
The Evolving CISO: From Gatekeeper to Growth Partner
As digital dependence deepens, the CISO’s role has expanded far beyond defense. “The CISO today goes far beyond being a gatekeeper,” says Vishal, “CISOs now influence culture, embed secure habits across HR, engineering, delivery, and customer teams, and position security as a shared responsibility.”
This shift is evident in models like Abhijit’s TRIC framework - Threat, Risk, Impact, Consequence. Tech teams assess threats and risks, while business teams evaluate impact and consequences. And so, cybersecurity becomes a bridge between innovation and risk, ensuring both move in tandem.
Advertisement
Sameer emphasized a critical shift in mindset. “Leaders can split the security perspective into two dimensions: securing the internal infrastructure and securing the customer. While enterprises have traditionally focused on securing internal infrastructure, the real imperative is securing the customer,” he marked. That’s where trust, confidence, and ultimately revenue are won. Delivering a seamless, safe user experience across digital touchpoints is now as important as protecting backend systems.
He noted that balancing security with convenience is the true leadership test for CISOs. It demands influence, deep subject-matter expertise, and a strong grasp of how the business actually operates. Without alignment between CISOs and business leaders, security loses its strategic leverage. The discussion underscored a growing challenge: third-party risk. With vendor ecosystems expanding, continuous assessments and AI exposure management have become baseline expectations.
The New Competitive Moat
The message from India’s cyber leaders stands clear. Security is not just a survival strategy, rather a growth imperative.
Secure-by-design enterprises move faster, catch failures earlier, recover quicker, and earn deeper customer trust. In a digital economy where experiences shape loyalty, trust becomes the real differentiator.
And as enterprises internalize this reality, the conversation is no longer about whether to prioritize security, but how quickly they can re-architect for a secure-by-design future.
Advertisement
The pages slugged ‘Brand Connect’ are equivalent to advertisements and are not written and produced by Forbes India journalists.
