India’s cybersecurity and data protection landscape is undergoing a seismic shift, driven by the explosive growth of digital threats. With internet penetration soaring and digital transformation sweeping across industries, the need for airtight cybersecurity frameworks has never been more urgent. The government has responded with measures such as the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, both designed to protect citizens’ personal data and regulate privacy in the digital age.
Yet, despite these efforts, India grapples with formidable challenges—rising cyberattacks, vulnerabilities within critical infrastructure, and widespread gaps in cyber literacy. The advent of disruptive technologies like AI, IoT, and cloud computing only heightens the demand for more sophisticated security protocols. To build a truly resilient digital ecosystem, public-private partnerships must be strengthened, law enforcement capabilities enhanced, and cybersecurity awareness significantly elevated. Moving forward, comprehensive legal frameworks and proactive international collaboration will be crucial pillars of India’s cybersecurity strategy.
In an exclusive conversation with The Interview World, Mohit Srivastava, CISO and DPO of Perfios Software Solutions Pvt. Ltd., delves into emerging cybersecurity trends, how his company tackles the unique threats it faces, and how the DPDP Act will fortify data security. He also shares how the new regulations will shape business compliance and data management practices. Here are the key takeaways from this enlightening discussion.
Q: What emerging trends and challenges are you seeing in cybersecurity with the rise of digital footprints and AI integration?
A: Cybersecurity today is a constantly shifting landscape—it’s no longer about pinpointing a single solution and calling it done. AI has begun playing a pivotal role, marking a paradigm shift in how we approach security. Whether it’s incident management or enhancing learning and awareness, the way we tackle cybersecurity is evolving rapidly.
At Perfios, we’ve woven cybersecurity into the very fabric of our products. We support our BFSI clients—banks, insurance companies, and NBFCs—by helping them digitize their back-office operations while keeping security at the forefront. Cybersecurity can’t be treated as a standalone concern. It must be seamlessly integrated into every aspect of a product, not only boosting efficiency and operational digitization but also fortifying organizations against emerging threats.
Q: How is your organization addressing the unique cybersecurity challenges faced by the highly vulnerable banking sector today?
A: At Perfios, we deliver solutions that automate the back-office operations of banks and financial institutions. But the nature of our products is far too critical to view cybersecurity as an afterthought or in isolation. Given the sensitive customer data we handle, including banking information, and with the Digital Personal Data Protection Act (DPDP) coming into play, cybersecurity is the foundation of everything we do.
It’s about how we safeguard your bank’s data—how we encrypt it, and how we protect data both at rest and in motion. I’m proud to say that Perfios stands among a select few organizations that have embraced a risk-avoidance approach. We don’t store sensitive information on our systems. The more data you retain, the greater your exposure, and we’ve made it our mission to minimize that risk. We process data, hand it back to our clients, and that’s why Perfios leads the way in secure, efficient solutions.
Q: What recommendations do you have for the Indian government to safeguard Aadhaar data amid increasing digitalization and recent breaches?
A: I would refrain from suggesting further actions for the government, as it has already performed remarkably well in setting up policies. The government’s role is primarily to establish policies and enforce relevant regulations that ensure the protection of data. However, the true challenge lies in the industry’s acceptance of these regulations and their successful implementation at the operational level.
Data protection isn’t a simple, one-size-fits-all solution. Take Aadhaar, for example—it’s not solely in the hands of the government. Multiple organizations, including public sector entities and banks, hold millions of Aadhaar records, creating a decentralized system of data pockets.
The key to safeguarding this data is governance. Without robust data governance embedded at every level—within organizations and government alike—securing data remains incomplete. Governance is the critical element that will play a pivotal role in ensuring data protection.
Q: How do you believe the Digital Personal Data Protection (DPDP) Act will strengthen data security and protect personal information in India?
A: While it hasn’t been officially notified yet, this is undoubtedly a positive development. The introduction of the DPDP Act signifies an important shift towards safeguarding public data. We’re beginning to see a focused effort on protecting this information, which is a step in the right direction.
However, this act must be effectively operationalized. We can’t afford for it to become just another law on the books. Enforcement must be rigorous, and I am confident that once it is notified, we will see the necessary actions taken to ensure its successful implementation.
Q: How do you anticipate the DPDP Act will affect businesses in terms of compliance and data management practices?
A: This is a pivotal step toward safeguarding personal data and restoring order to the digital landscape. It carries profound implications for international businesses operating in India, particularly with its mandate for data localization—requiring certain categories of personal data to be stored within India’s borders. While this may raise initial concerns, it also offers a unique opportunity for global enterprises.
To attract international investment, we must demonstrate that we have robust processes in place to protect information. Every country has its data protection standards, and without them, enticing global organizations to invest becomes increasingly difficult. Thus, I commend this initiative.
However, implementation will come with its challenges. Any new system typically faces initial teething issues, especially if organizations must adapt to previously unregulated practices. Moving forward, companies will need to adopt a more structured approach to securing the personal data of both employees and customers. I see these as manageable adjustments rather than insurmountable challenges.
At the very least, we have established a comprehensive privacy framework within our organization, and we have not encountered any significant obstacles.