India’s rapid rise as a digital powerhouse has transformed the cybersecurity landscape, pushing organisations to rethink traditional approaches to risk. As AI adoption accelerates and threat actors grow more sophisticated, the focus is shifting from prevention to resilience, where the ability to detect, respond, and recover is just as critical as defense. In this conversation, Sandeep Agarwal, CTO, Security, Cisco India & South Asia, shares how businesses can align security with evolving priorities, simplify complexity, and build resilient, future-ready systems for the AI era.
How should organisations align cybersecurity and technology strategy with business priorities in India and South Asia?
India and South Asia have become the epicentre of digital adoption, whether it’s internet users, UPI transactions, or large-scale digital infrastructure. While this growth is remarkable, it has also expanded the attack surface significantly.
From a business standpoint, there are a few clear priorities. First is earning customer trust in an intensely competitive environment, across fintech, e-commerce, and digital services. Second is navigating evolving regulations, from data privacy laws like the DPDPA to sector-specific compliance requirements. Third is defending against increasingly sophisticated, often nation-state-backed cyber threats.
At the same time, organisations are grappling with operational complexity due to rapid adoption of cloud, AI, and IoT. Add to this cost pressures in a price-sensitive market, and the need to continuously innovate, it becomes clear that businesses must simplify.
Cybersecurity strategy must therefore focus on reducing friction, ensuring compliance, earning trust, and enabling innovation. This means moving away from fragmented tools toward integrated platforms that reduce complexity, optimise cost, and support continuous innovation.
What are the biggest cyber risks in India today, and how can they be mitigated at scale?
Traditional risks like phishing, ransomware, and fraud continue to evolve and remain relevant. But the larger shift is from cybersecurity to cyber resilience.
Today, it’s widely accepted that breaches are inevitable, it’s a matter of when, not if. The real challenge is how quickly an organisation can detect, respond, and recover.
To address this at scale, organisations must move from “bolt-on security” to “built-in resilience.” Security can no longer exist as a separate silo, it must be embedded into the infrastructure itself.
This requires converging enforcement, observability, and protection into a unified platform. Think of it like the human body, there isn’t a separate system for healing; resilience is built in.
Equally important is automation. The scale and speed of modern threats demand AI-driven systems that can detect and respond in real time. The goal is a self-healing, intelligent system that understands context and mitigates threats automatically.
With the rise of GenAI, how should organisations approach security for AI-driven systems?
AI systems are fundamentally different because they are probabilistic, outputs can vary even with the same inputs. This introduces new security challenges.
Security must be addressed at two layers. First is the infrastructure layer, where micro-segmentation, strict access controls, and runtime monitoring are critical, especially given the sensitivity of data used in AI.
The second layer is the AI model and application layer. Here, organisations need to focus on three things: discovery, vulnerability detection, and protection.
Many organisations struggle with visibility, what models, agents, and datasets are actually in use? This is compounded by “shadow AI,” where tools are adopted without centralised oversight.
Then comes validation, ensuring models are secure and behave as expected. Techniques like algorithmic red teaming help test models against adversarial inputs.
Finally, guardrails are essential. These ensure outputs are safe, secure, and privacy-compliant, protecting against bias, prompt injection, and data leakage.
How does security evolve with agentic AI?
With agentic AI, the concern shifts from what systems say to what they do. These agents can take actions, which introduces new risks.
The three key risks are identity, access, and behaviour. Organisations must know every agent in their environment, what it is designed to do, and who is accountable for it.
Access must be tightly controlled, agents should only have “just enough” and “just-in-time” access. Unlike humans, agents operate at high speed and without accountability, which can be dangerous if not controlled.
Finally, continuous monitoring is critical. Since agent behaviour can be unpredictable, real-time oversight ensures actions remain aligned with intent.
How can organisations build and scale secure platforms amid rapid digital adoption?
The biggest mistake organisations make is accumulating too many point solutions, which increases complexity and creates blind spots.
At scale, simplicity is essential. Organisations need integrated platforms that provide end-to-end visibility and reduce operational overhead.
But technology alone isn’t enough. Security must be embedded into organisational culture. Leadership must treat it as a core responsibility.
Given the global cybersecurity skills gap, AI-driven automation becomes crucial. It helps reduce reliance on manual processes and enables scalable security operations.
What are your key focus areas for the near future?
Cisco is focused on building the critical infrastructure for the AI era.
Security remains central, especially AI security, agentic AI, and emerging challenges like post-quantum cryptography. As quantum computing evolves, existing encryption methods will become inadequate, and we are actively working on next-generation solutions.
We are also embedding AI across our portfolio to simplify operations. One key vision is the “Resilience Operations Center,” which unifies network, system, and security data into a single platform for faster detection and recovery.
Any closing thoughts for industry peers?
The simplest security is the most effective. Complexity is the biggest enemy of security.
Organisations should move toward platform-based approaches and reduce fragmentation. The network itself is the most powerful place to enforce security.
We call this vision “Secure Networking”, integrating networking and security for the AI era, powered by AI itself. It’s an exciting time for technology, full of opportunities and challenges, and collaboration will be key to navigating it.