By Prashant Chaudhary, Area Vice President, India- Splunk.
The role of a CISO in any organisation is evidently evolving and in India, the pace of that change is non-negotiable. As industries pivot towards agentic AI, embedding it into workforce processes across many sectors and as digital platforms transcend further into becoming governance platforms, industry connectors, and economic engines — the security leaders responsible for governing these must evolve with equal urgency.
This urgency has been captured in a recent Splunk report on CISOs which says that nearly four in five CISOs say their role has become significantly more complex. The mandate has expanded to include AI governance, DevSecOps, third-party risk, and regulatory compliance, all at once, all with higher personal stakes. In India, where digital growth consistently outpaces expectations, that pressure has grown sharp.
A Broader Mandate, Not Just a Bigger Job
The clearest sign of how fundamentally the CISO role has shifted is the scope of accountability. According to the abovementioned report, 96% of CISOs are now responsible for AI governance and risk management, making them the de facto AI policy leaders of their organisations. A further 85% say DevSecOps now falls under their purview. These are enterprise-wide responsibilities that require working across engineering, legal, finance, and the board.
For CISOs in India, this expansion lands in a specific regulatory environment. The Digital Personal Data Protection Act has created direct leadership accountability for data handling. CERT-In’s six-hour incident reporting window means security decisions are no longer just made internally and then communicated, they are made in real time, in public, with reputational and legal consequences attached. The margin for misalignment between the CISO and the rest of the business has narrowed considerably.
In India, 90% of CISOs admit that their role has become more complex and difficult. Majority added that they are concerned about personal liability for security incidents which is a sharp marker of how consequential the role has become.
The Threat Landscape Has Changed in Form and Volume
From a cyberthreat perspective, CISOs today fear most from AI-enabled adversaries: not novel attacks, but familiar ones made drastically more effective. Social engineering which already is the most common attack vector is being supercharged by AI’s ability to generate convincing voice, identity, and written content at scale. The days of poorly worded phishing emails are over. What replaces them is far more difficult to train people to recognise.
For India, this threat profile is particularly relevant. Vast majority of CISOs, globally and in India, expect AI to increase the sophistication and realism of social engineering attacks above all else, making them significantly harder to detect and defend against. India’s own survey data shows that 40% of Indian threat actor concern centres on more rapid proliferation of exploits enabled by AI.
Meeting this scale of threat requires an expanded mandate for the CISO. Amid AI complexity and adversarial sophistication, organisations must keep pace with transformation in how security functions are built and run. The approach must be to consolidate fragmented toolsets, adding structure to the existing framework for AI-specific incident scenarios, and adopting federated governance models that distribute security accountability across engineering, legal, and operations teams.
Recalibrating Talent
The shift toward automation and intelligent tooling does not diminish the human dimension of security; it redefines what human contribution looks like. Nearly two-thirds of security teams are experiencing moderate to significant burnout, and the primary drivers are alert floods and tool sprawl, not understaffing. The problem is the quality of the work they are being asked to do.
This distinction matters for how CISOs respond. Hiring more analysts does not fix a system generating too much noise. How they plan to close skills gaps, deploying technology as a primary solution ranked last among CISOs. People-first strategies including upskilling existing teams, hiring for curiosity and adaptability rather than credentials alone, are what security leaders are actually betting on.
India’s digital economy is growing in ways that consistently outpace the security infrastructure built to support it. That gap is the CISO’s challenge and their opportunity. The role now carries the authority, the board proximity, and the organisational scope to build the governance frameworks, the AI strategy, and the business relationships that make security a visible driver of resilience.
The CISOs who will matter most in the years ahead will be those who become modern business enablers.