In 2025, India crossed a threshold it cannot uncross.
More than 22.68 lakh reported cybersecurity incidents in a single year is not just a statistic. It is a warning flare. India is no longer simply a fast-growing digital economy. It is a strategic digital battleground, actively probed, continuously tested, and relentlessly targeted.
India now ranks as the second most targeted country in the world. That reality has quietly changed the nature of every serious security conversation. This is no longer about frameworks or maturity models. It is about resilience at national scale in an adversarial world.
When the DPDP Rules came into force in late 2025, the question shifted from “How do we stay safe?” to “How do we survive, scale, and still be trusted?”
India is building one of the most ambitious digital infrastructures ever attempted. Payments clear in seconds. Identities are verified at population scale. Startups are cloud-native from day zero and global by design.
But progress carries a shadow.
Every integration expands the attack surface, every dependency introduces fragility, every shortcut compounds future risk.
The debate about whether cybersecurity matters is over.
The real question is whether India can turn exposure into leadership and shape how cybersecurity is designed, practiced, and trusted worldwide rather than merely consuming what others build.
At Matters.AI, we see most security failures not as tooling gaps, but as design failures.
Failures of intent, ownership, and assumptions made under growth pressure.
That belief shaped why this conversation mattered.
Why this conversation needed to happen
This session was not about predictions or prescriptions. It was about experience.
As Keshava Murthy, Co-Founder & CEO of Matters.AI, framed it while opening the discussion, this was meant to be a learning space rooted in decisions made under pressure and lessons earned the hard way. Moderated by Dhiraj Khare, Co-Founder & CBO at Matters.AI, the goal was simple. Bring together leaders who have built and defended systems at scale and let them speak honestly about what breaks.
Not hypothetically, not eventually, but in the real world.
What emerged was not a checklist, but a set of tensions that define India’s cybersecurity moment.
The people in the room
The diversity of experience on the panel reflected the larger question of what it takes to build cybersecurity at national scale.
Jacxine Fernandez, CISO at BIAL, currently focuses on cybersecurity, one of the many responsibilities he carries. Before this, he served as Group CISO at Adani Group, held the CISO role at a telecom company in the Middle East, and was Group CISO at Airtel Africa.
Bala Raman, CISO at Microland, brings close to three decades of experience, though not from a conventional security background. His career spans submarines, business process engineering, and software development. He understands deeply how organisations actually behave, where they break under stress, and why asking better questions often matters more than having faster answers.
Himanshu Kumar, CISO at CRED, has worked across fintech for over twenty years. His experience includes building data centres, payment gateways, and large-scale platforms at Flipkart and Grab Taxi. His work sits at the intersection of security, growth, and user experience, and outside of work he enjoys gaming, which perhaps explains his comfort with complex systems and trade-offs.
Nishith Kumar Datta, CISO at Titan, served for thirty years in the Indian Army before moving into cybersecurity. He later worked at Aadhaar headquarters, served as Group CISO for a private cloud data centre in Hebbal, and is now with Titan. Across these roles, he has seen how security requirements change dramatically across domains and why listening across perspectives is not optional.
Janhvi Tomar, Investor at Pravega Ventures, previously worked with PwC in risk management for US banks. Her interests now lie at the intersection of infrastructure investments and cybersecurity, and she brings a global view of trust, scale, and regulation to the discussion.
Fasihullah Askiri, Principal Architect at Swiggy, ran a security program at Swiggy for three years. Early on, he realised that reactive security would not scale in a fast-moving consumer tech environment. Instead of accepting existing models, he stepped back, studied how the organisation viewed security, spoke to people who had done deep analysis, and built a clearer understanding of what truly needed fixing. His curiosity extends well beyond cybersecurity into understanding systems as a whole.
Three tensions that will decide India’s cybersecurity future
Speed vs Control
From consumer tech to fintech to national infrastructure, India builds at extraordinary speed. But speed without deliberate control turns scale into fragility.
Fasihullah Askiri’s experience at Swiggy highlighted this clearly. Reactive security worked until the business started moving faster than humans could respond. The real work was not adding tools. It was understanding who owned security decisions, where accountability lived, and how security was perceived internally.
At national scale, reacting after the fact is no longer a strategy. It is surrender.
Scale vs Trust
Janhvi Tomar reframed data security as a trust problem, not a compliance problem. Early shortcuts may accelerate growth, but global, billion-dollar enterprises cannot scale on fragile trust foundations.
India’s advantage is its ability to operate digital systems at population scale. Its risk is losing trust at the same scale.
This is compounded by a hard reality. India needs close to one million cybersecurity professionals and has less than half that number today. Without sustained investment in talent, regulation and intent remain theoretical.
AI Autonomy vs Human Accountability
Across the discussion, one theme kept resurfacing. AI will not be optional.
Five years from now, AI will sit inside every system that matters, approving transactions, orchestrating workflows, and making decisions with minimal human intervention.
That shift demands a new control layer. Not more dashboards, but governance that makes intent, behaviour, and outcomes observable and auditable.
Security can no longer focus only on protecting systems. It must protect decision-making itself.
What experience teaches that frameworks don’t
Leaders like Bala Raman, Nishith Kumar Datta, Himanshu Kumar, and Jacxine Fernandez brought the conversation back to fundamentals.
Cybersecurity today is not an IT problem. It is a business continuity, national risk, and trust problem.
The advice was consistent and grounded.
Focus on outcomes, not impressive architecture.
Measure what actually reduces risk, not what looks mature.
Listen before solving, because solving the wrong problem quickly is still a failure.
Leadership in cybersecurity, as Bala put it, is collective. It is built by organisations that double down on core strengths instead of chasing rankings or noise.
The question five years from now
Five years from now, the question will not be whether India adopted AI early or late. It will be whether it adopted AI deliberately.
Whether systems were designed with guardrails before autonomy.
Whether trust was treated as infrastructure, not an afterthought.
Whether security scaled with intelligence or lagged behind it.
The real risk is not that India adopts AI too slowly. It is that we adopt it faster than we can govern it.
At Matters.AI, we believe becoming a cybersecurity capital is not a declaration. It is a responsibility built through better questions, deeper listening, stronger talent pipelines, and systems designed for trust from day one.
India does not get to opt out of leadership anymore. It is already on the front line.



