Conversations around breaches, identity theft, and cloud risk had set a clear tone in 2025, where safety has already been established as the new currency of digital business. In the world of online trading, where millions of microtransactions happen every minute, the stakes are even higher. It was against this backdrop that Amit Bhatia, Chief Information Security Officer at Religare Broking, sat down with Express Computer for an exclusive conversation.
Bhatia believes the role of the CISO has undergone a dramatic shift and so much so that the very identity of the role has changed. The era of “CISO 1.0,” defined largely by firewall management, compliance checks, and governance models, has given way to what he calls the CISO 2.0 era. Today, security is not viewed as a supporting function, rather it is seen as an essential lever for business strategy, customer experience, and brand trust.
“Cyber resilience has become a business growth driver,” he says, emphasising how security now influences revenue, customer acquisition, and market reputation as directly as product or marketing strategies do. For broking platforms, where digital apps are the primary storefronts, the experience is no longer judged solely on speed or interface quality. Users want performance, but they also want complete confidence that their transactions, assets, and data are secure. “No customer today will make a financial transaction without an OTP or authentication,” Bhatia notes. “Even in tier-II and tier-III cities, people have become highly security aware.”
This intertwining of safety and experience has permanently changed how security is designed for the BFSI and fintech sectors. Bhatia dismisses the idea that security becomes visible only when users see OTP prompts or two-factor authentication. The real weight of cybersecurity remains hidden, nearly 90% of the work happens behind the scenes. At any given moment, a broking platform faces hundreds of millions of hits triggered by price changes, real-time trades, data refreshes, and external integrations. Behind the fluid customer interface lies an orchestration of SIEM engines, API gateways, and cloud-scale distributed security controls that allow simultaneously high performance and impenetrable protection.
“The idea is simple. Security should never degrade performance. But experience should never compromise safety either,” Bhatia explains. Security, he believes, has matured into a business enabler rather than an overhead. Trust builds retention. Retention drives business. In that equation, cybersecurity becomes a catalyst.
The conversation inevitably shifted to the most charged topic of the year, AI. With deepfake impersonations, targeted fraud, AI-powered cyberattacks, and large-scale identity theft emerging almost daily, the industry is entering a phase where the defender and the attacker are both powered by the similar technology. Bhatia offers a measured view that captures both sides of the coin. “AI is both a threat and a defence. It depends on how it is trained,” he says. In the wrong hands, AI can automate malicious intent, reduce time-to-attack, and personalise fraud. But the same technology is now building the fastest and most intelligent cybersecurity ecosystem the industry has ever seen.
Across the BFSI landscape, platforms are already using AI to detect user behaviour anomalies, assess device reputation, predict whether a transaction is high-risk, identify unusual log patterns, and execute countermeasures without human intervention. In the customer-facing world, AI is becoming a powerful tool in predictive analytics, enabling investors to discover insights instantly rather than wait for research reports. For Bhatia, the key lies in how the system is trained and how security leaders provide continuous real-world feedback to OEMs so that the entire industry benefits from new threat learnings instead of reacting in silos.
Technology, however, is only half the battlefield. The other half lies within the organisation. Human error remains one of the most common sources of cyber-incidents, whether through unintended clicks, oversight, or lack of awareness. To counter this, Religare Broking has instituted a culture-first approach to internal cyber education. Employees receive short and simple newsletters every day, summarising recent attacks from around the world in language that anyone, not just an engineer, can understand. Yet Bhatia admits that even with awareness, mistakes will happen. The real test is whether organisations are structurally prepared to absorb them. Advanced tools like XDR, equipped with automated runbooks, ensure that an infected laptop or compromised endpoint can be isolated and mitigated without allowing lateral spread or operational disruption.
“We cannot eliminate internal risks completely. But we can ensure that no single error leads to business impact,” he says. It’s a pragmatic philosophy rooted in resilience rather than perfection.
As the conversation closed, it became clear that cybersecurity today is no longer an invisible, hidden cost centre. It has become central to growth, differentiation, customer loyalty, and the long-term survivability of digital-first businesses. In a world where users are ready to delete an app the moment they sense risk, cybersecurity is no longer about avoiding loss, it is about enabling confidence.
Amit Bhatia represents the modern cybersecurity worldview, one where security, user experience, and business outcomes are not separate tracks but interconnected forces shaping the digital future of BFSI. His message is unambiguous, in a market led by trust, cybersecurity is the new competitive advantage.