For most organisations, cybersecurity is a demanding responsibility, but for a conglomerate as diverse as DS Group, with businesses spanning FMCG, hospitality, luxury, agro, retail, and manufacturing, the complexity grows exponentially. Each vertical brings its own digital dependencies, regulatory frameworks, threat surface and operational realities. Yet, the company is attempting what many security leaders consider the holy grail, a single cybersecurity posture capable of protecting fundamentally different businesses without slowing innovation.
“It’s a landscape defined by variety, and that makes it challenging,” reflects Balwant Singh, Group CISO & DPO, DS Group. “The FMCG, retail and hospitality businesses deal heavily with consumer data and digital touchpoints, whereas the other business verticals and manufacturing units rely on operational technologies and interconnected supply chains. The task is to create a cybersecurity and data-protection posture that is flexible enough to support this diversity while strong enough to provide consistent governance and resilience across the organisation.”
Rather than distributing security budgets and controls evenly, DS Group has adopted what Singh describes as a data-centric and impact-driven model. “We assess each vertical’s threat exposure through structured risk assessments, maturity studies and regulatory mapping,” he says. “Our investment and attention go where the risk concentration is highest, consumer-facing digital platforms, high-volume production systems and environments that handle sensitive PII data or proprietary formulations.”
Securing the factory floor: IT-OT convergence meets cyber threats
While consumer-facing businesses are a natural target for cyberattacks, it is the Group’s manufacturing backbone that is becoming equally, if not more, strategic to secure. Automated production lines, smart sensors, remote vendor access and industrial IoT have opened new attack vectors.
“Protecting manufacturing and supply-chain operations has become a top priority,” Singh notes. “We are converging IT and OT cybersecurity under a unified governance framework, while respecting the operational sensitivities of industrial environments.”
Stricter network segmentation, secure remote-access controls, continuous asset visibility, third-party risk evaluation and industrial-grade anomaly detection are now embedded across plants. “These efforts collectively defend against ransomware, OT-specific malware and supply-chain compromise,” he explains.
Rising privacy expectations and the DPDP shift
With DS Group’s nationwide distribution footprint and a massive network of customers, partners and distributors, the organisation manages extremely high volumes of personal and business-critical data. The enforcement of India’s DPDP Act has only sharpened the stakes.
“We have embraced privacy-by-design as a foundational principle across every data lifecycle stage,” Singh emphasises. “We are strengthening identity and access governance, standardising consent mechanisms, implementing purpose-specific processing, and enforcing strict data-retention and disposal procedures.”
Singh emphasises that for DS Group, compliance is not limited to documentation. “Recognising that many of our business processes involve handling PII, we ensure continued compliance through strong contractual safeguards, privacy impact assessments and ongoing monitoring across all digital platforms,” he says.
Protecting innovation: The silent battle for intellectual property
The FMCG sector has become a lucrative target for cybercriminals interested in formulations, packaging innovations, marketing plans and digital assets behind brand campaigns. Singh is candid about the risks: “Sensitive data and IP are critical competitive advantages.”
To protect R&D, product development and digital marketing environments, DS Group has implemented multi-layered controls. “Access to sensitive environments is strictly need-to-know and role-based, supported by continuous monitoring,” he explains. “We reinforce digital systems with encryption, MFA, restricted access and integrity controls and track unusual data movements using behavioural analytics.”
Every stage of innovation, from lab notes and prototypes to digital campaign files, has been brought under tighter governance. “This ensures the innovation pipeline remains uncompromised from both external breaches and internal leaks,” Singh adds.
Security by design, not afterthought
As DS Group accelerates its digital transformation, from ecommerce and cloud adoption to AI-driven analytics and omnichannel customer experience, the cybersecurity leadership has worked to ensure that new initiatives don’t outrun security frameworks.
“Cybersecurity is embedded from the very inception of every digital programme,” Singh states. “Secure architecture reviews, third-party risk assessments, threat modelling and privacy impact assessments happen before deployment, not after.”
He stresses that this shift has produced both cultural and operational benefits. “By integrating ‘security and privacy by design’, we reduce long-term risks, accelerate deployment and enhance trust in our digital platforms,” Singh shares.
Insider threats: Strengthening security without weakening workplace culture
The more geographically distributed and multi-business an organisation becomes, the more the risk of insider incidents grows, from negligence to intentional misuse. DS Group aims to mitigate this without breeding fear.
“Insider risk is real, but so is the value of trust,” Singh says. “We adopt a mix of continuous awareness, strong controls and behavioural analytics that detect anomalies without infringing on privacy or creating a punitive environment.”
Instead of relying solely on surveillance, the Group focuses on shared accountability. “Security becomes a cultural value, not a policing mechanism,” he points out. “Employees feel empowered and responsible rather than restricted.”
Incident response built for always-on operations
With factories, logistics networks and consumer touchpoints functioning round-the-clock, cybersecurity incidents, even minor ones, can quickly disrupt business.
“Resilience is non-negotiable,” Singh asserts. DS Group has developed dedicated playbooks covering cyber incidents, breaches and third-party disruptions, and trains cross-functional teams through regular simulations and phishing drills.
Threat intelligence tailored to FMCG, manufacturing, hospitality and retail is continuously integrated into decision-making. Business continuity plans now span applications, core services and physical operations to ensure consistent uptime. “This holistic approach protects brand reputation and ensures that we respond swiftly and effectively to emerging threats,” Singh says.
From safeguarding intellectual property to securing automated manufacturing lines and consumer data, DS Group’s cybersecurity strategy reflects a sharp understanding of risk diversity, and the need to avoid one-size-fits-all solutions.
“Our north star is clear,” Singh concludes. “Security must be unified, intelligent and adaptable. If cybersecurity can keep pace with business complexity and innovation, then it becomes a true enabler of growth, not a barrier.”