The Next Era of Cybersecurity: Continuously Evolving Postures for Dynamic Risk Scenarios

As cyber security threats get more sophisticated, readiness has to be measured accordingly and on a dynamic basis, information security professionals emphasised at the FE Modern BFSI Summit.

The technology landscape is ever-evolving. As the opportunities offered by developments in digital technology proliferate, cyber security vulnerabilities are increasing correspondingly. “Where there’s technology, there’s cyber risk. Unfortunately or fortunately, the technology is dynamic, the risk emanating out of that is also dynamic, and therefore your cyber security also has to be dynamic,” said Bharat Panchal, Chief Risk, Security, and Stakeholder Management Officer, Bima Sugam India Federation, during a panel discussion at the Financial Express Modern BFSI Summit 2025.

Panchal underlined that organizations can no longer rely on static, one-time investments in firewalls, antivirus, or perimeter defenses. “Days are gone where you used to put one firewall, one antivirus, one router and think you are secure. That does not mean that if you have invested 10 crores, it gives an assurance that you are safe. You have to continuously monitor the threat vector as well as your environment — to know what is going on, and where you need to further enhance your security.”

Beyond Technology: Human Behavior as the Weakest Link

While cyber threats evolve with technology, Panchal cautioned that psychology and awareness remain critical. “In terms of cyber fraud today in India, 70% of fraud happens out of greed, 20% to 25% because of ignorance and fear, which has nothing to do with technology. So, awareness is the only tool by which you can make people educated about how to behave in the technology-based system. We are literate, but we are digitally illiterate people,” Panchal said, citing daily news articles about how even socially influential people such as bank managers, IPS officers, doctors and chartered accountants are being duped out of crores by cyber fraudsters.

From IT Issues to Cybersecurity Issues

Echoing the theme, Dr. Pawan Chawla, CISO, Tata AIA Life Insurance, emphasized that cybersecurity can no longer be treated as a separate silo. “The paradigm shift which we see is there are no IT issues. Now everything has become a cyber security issue. Even if the system is going down or it is slowing down, it is a cyber security issue.”

Chawla stressed the importance of strengthening third-party risk management, citing recent breaches in the insurance sector via unsecured APIs. 

“It is very important to build a strong third party risk management framework in an organisation and ensure that it has been followed rigorously. It doesn't start towards the end. It starts at the beginning,” he said.

The AI and Skill Gap Challenge

Puneet Asthana, Executive Director & CTO, Shriram Wealth Ltd, pointed out that while artificial intelligence (AI) workloads are spreading across the BFSI sector, cybersecurity frameworks have not kept pace. 

“The LLM model itself is one of the strongest promoters of leakage in terms of data. Do we know where it is deployed? How is it going to connect? What is data transit? How is the data getting encrypted, because if the LLMs are taking data elsewhere, you don't know. So who's actually doing this deep dive? These are the elementary steps on how to deal with it,” he said.

Asthana also highlighted that cybersecurity is now being addressed in boardrooms. 

Building Awareness, Playbooks, and Readiness

Both Chawla and Asthana agreed that cybersecurity readiness depends as much on awareness and governance as it does on technology. Asthana gave the example of tabletop exercises with board members at ICICI, where the initial reaction to a ransomware scenario was, “I’ll call the CTO.” Such responses, he said, show why continuous training is needed across the organisation, including at leadership levels.

On the aspect of ‘readiness’ in the event of a cyber attack, he argued for having a practiced playbook. “What is your playbook? Who calls up? What is the communication pattern? Who sends the email? Whose email is supposed to be acknowledged? The more and more you bring that playbook to practice, the likely chances of responding to a threat are much better,” he said.

Asthana described a probable scenario in the absence of such a playbook: the attack continues to damage the victim organisation for hours, only because the organisation has no set playbook to handle such attacks.

Chawla added that technological readiness is equally critical. “Otherwise, what will happen is, when the incident actually happens, you will realise that you will not have logs to do the forensics. So it is very important, this exercise is conducted at regular intervals.”

Cybersecurity as an Enterprise Foundation

Summing up, Panchal emphasised that cybersecurity must be thought of at the design stage, not added later. “Cyber security is not something which you can add as the topping at last. You have to think about cyber security the way you think about your enterprise.”

Asthana agreed, noting that compliance and security costs are non-negotiable in today’s regulated environment. “If you do a retrofit, you eventually end up creating more technical debt rather than solving it.”

Cybersecurity, the panel concluded, is no longer a fixed project or a compliance tick-box—it is a living, evolving posture that must adapt to dynamic risks, driven equally by technology, awareness, governance, and board-level ownership.

This article is based on the panel discussion organized at the Financial Express Modern BFSI Summit 2025.
