By Robert Pizzari, Group VP, Strategic Advisory, APAC
In today’s hyperconnected landscape, digital resilience is a fundamental necessity. For India’s rapidly expanding digital economy, the stakes in cybersecurity are especially high and Chief Information Security Officers (CISOs) have a unique opportunity to reframe cybersecurity from a mere cost centre to a strategic enabler of business growth. Boards prioritise overall business profitability and stock prices while CISOs specifically focus on safeguarding data and systems. By recognising their shared objectives, they can become powerful collaborators propelling organisations towards digital resilience.
Despite 64% of boards globally recognising cybersecurity as a business enabler, only 43% of CISOs align their strategies accordingly, as Splunk’s CISO Report 2025 reveals. Indian CISOs have an opportunity to change the narrative, particularly in sectors like IT, telecommunications and financial services, where downtime can cost large enterprises an average of USD $200 million annually – a significant 9% reduction in yearly profits, as noted in Splunk’s report, “The Hidden Costs of Downtime”. Bridging this gap could unlock new avenues for growth while ensuring robust defences.
Cybersecurity as a Growth Enabler
India’s digital economy is characterised by rapid cloud adoption, fintech innovations, and AI-driven solutions — all of which increase vulnerabilities but also present significant opportunities.
For instance, while 53% of global CISOs believe AI offers attackers an advantage, the same technology can empower Indian CISOs to revolutionise threat detection, automate compliance, and boost efficiency. AI significantly enhances capabilities in malware analysis, threat detection, and configuration standards and it’s crucial for CISOs to communicate these opportunities to their boards and motivate them to invest in the necessary infrastructure, training, and governance. Investing in AI-driven defences will not only reduce risks but also demonstrate tangible ROI to boards—a win-win for security and innovation.
Speaking the Board’s Language: A Key to Unlocking Investments
A critical challenge the CISO Report highlights is the disconnect between CISOs and boards. Although 83% of CISOs report regular interactions, many struggle to effectively communicate the ROI of cybersecurity investments. CISOs in India must shift from technical jargon to clearly articulate business impacts, such as revenue losses from downtime and the long-term benefits of enhanced customer trust.
To secure budget approvals, CISOs have to present concrete calculations on direct and secondary costs of downtime, including lost revenue, SLA penalties, and shareholder impact. Notably, 46% of boards find these types of costs convincing. While 39% of CISOs already employ this strategy, there remains ample opportunity to refine their persuasive abilities, such as presenting cyber risk metrics and actionable recommendations that guide management decisions. Using metrics like downtime costs and regulatory compliance savings, CISOs can effectively garner board-level support for advanced technologies and robust defence strategies.
Making Cybersecurity Central to Business Strategy
To evolve into influential boardroom players, CISOs in India must advocate for the inclusion of cybersecurity expertise at the board level. Currently, only 29% of boards globally feature members with cybersecurity backgrounds. Bridging this gap would not only improve decision-making but also highlight cybersecurity’s vital role in achieving business objectives. Having a CISO or security expert on the board not only signals a commitment to improving security culture and cyber resilience but also inevitably translates to safeguarding overall business resilience.
Per the same report, CISOs with strong board relationships benefit from better collaboration throughout the organisation, reporting particularly strong partnerships with IT operations (82% versus 69% of other CISOs) and engineering (74% versus 63%). They can effectively communicate the board’s business needs and strategies to more technical departments, linking them to the organisation’s overall goals. A trusted partnership between CISOs and the board in turn allows for exploration of new technology investments, including use cases for GenAI, such as threat detection rules, data analyses, incident response and forensic investigations, and proactive threat hunting.
In today’s AI-era, CISOs will need to start broadening their focus beyond IT and position cybersecurity as a strategic growth driver. This involves embedding security into company-wide strategies, promoting effective governance structures, and raising awareness of security’s role in market differentiation and resilience.
From Protection to Enablement
Modern cybersecurity transcends mere defence and protection—it fosters innovation, resilience, and competitive differentiation. For India’s ambitious digital economy, this shift redefines security as a value creator rather than a cost containment measure. Robust security practices not only safeguard revenue but also enhance customer trust and experiences.
India stands at a pivotal crossroads where the pressing question is no longer whether cybersecurity matters, but how CISOs champion it as a transformative force that delivers value to the business.
