/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/media_files/2025/01/15/lWO5T95xmoKppnIA7rxh.jpg)
As cyber risks intensify and artificial intelligence becomes more deeply embedded in business operations, industry leaders are warning that data privacy can no longer be treated as a regulatory formality. Instead, it is emerging as a central pillar of financial stability, operational resilience, and public trust.
Speaking on Data Privacy Day, Anuj Khurana, Co-founder and Chief Executive Officer of Anaptyss, said data protection has evolved into a direct business and risk concern with measurable financial consequences. “In an increasingly digital world, data privacy has moved beyond being a compliance checkbox to becoming a core business and risk imperative with direct financial impact,” he said.
Khurana pointed to the rising cost of breaches, noting that in 2025 the average incident cost around USD 4.4 million, with financial services institutions facing losses of USD 5.5 million to USD 6 million per breach due to the sensitivity of their data and the complexity of their systems. He added that while phishing and supply-chain attacks remain major threats, the unregulated use of artificial intelligence, often described as “Shadow AI”, is becoming a significant risk.
“In India, Shadow AI already ranks among the top three contributors to breach costs,” Khurana said, warning that AI adoption is moving faster than security governance and regulatory controls.
According to Khurana, this shift is forcing banks and financial institutions to rethink how they manage risk. He argued that privacy, compliance, and financial crime prevention can no longer be handled separately. “Modern risk and compliance architectures must be engineered with privacy-by-design at their core,” he said, calling for stronger data classification, access governance, and model oversight within fraud and anti-money laundering systems.
Visibility and Control in a Complex Data Environment
Industry experts say that growing digital complexity has made it harder for organisations to track who is accessing sensitive information and how it is being used. Dipesh Kaura, Country Director for India and SAARC at Securonix, said privacy depends on an organisation’s ability to monitor and control data access in real time.
“Privacy is only as strong as your ability to see and control who touches your data,” Kaura said. “Protecting sensitive information means continuously monitoring access, understanding behaviour, and stopping misuse before it becomes a breach.”
He added that many companies still struggle to answer basic questions about data ownership and access. “On Data Privacy Day, the real question every organisation must answer is simple: do you truly know who has your data and can you prove it?” he said.
The growing sophistication of cyber attacks has further complicated the situation. Sandeep Bhambure, Vice President and Managing Director for India and SAARC at Veeam Software, said fragmented data management and weak governance are leaving organisations vulnerable.
“Data control is at the heart of trust, resilience, and safe AI adoption,” Bhambure said. He cited Veeam’s ransomware research, which found that 69 per cent of affected organisations suffered multiple attacks in a single year, while 90 per cent had their backup systems targeted.
“This highlights how fragmented visibility and weak data governance leave businesses dangerously exposed,” he said. Without clear oversight of data storage, protection, and recovery processes, organisations risk prolonged disruptions in addition to financial losses.
In the Indian context, Bhambure said regulatory pressure is also increasing. With the Digital Personal Data Protection Act now in force and further changes expected, companies must move beyond reactive cybersecurity measures. “Ensuring data is secure, compliant, and recoverable is no longer optional,” he said. “It is essential for responsible AI adoption and long-term business success.”
From Compliance to Resilience and Innovation
Beyond risk reduction, technology leaders argue that strong data governance is becoming a foundation for innovation and growth. Rick Vanover, Vice President of Product Strategy at Veeam Software, said trust and control are central to long-term resilience.
“True data resilience starts with trust and control,” Vanover said. “Organisations that ensure their data is secure, governed, and trustworthy lay the foundation not only for compliance, but also for safe AI adoption and transformative business outcomes.”
He added that resilience technologies are increasingly critical to maintaining business continuity when systems fail or are compromised.
Shiva Pillay, Senior Vice President and General Manager for the Americas at Veeam Software, echoed this view, describing data governance as a strategic advantage rather than a defensive measure. “Taking control of your data is more than a security imperative, it’s a business accelerator,” he said. “Trusted data fuels smarter decisions, resilient operations, and innovation that drives real business outcomes.”
At the same time, experts warn that emerging technologies are introducing new categories of risk. Bernard Montel, Field Chief Technology Officer at Tenable, said cybercriminals are increasingly using AI to scale and automate attacks, making them harder to detect.
“With cybercriminals weaponising AI, attacks are becoming faster, smarter and harder to detect,” Montel said. He also highlighted the risks associated with agentic AI systems that can act independently within sensitive environments. “Effective governance now demands visibility into machine behaviour, not just human access,” he said.
Montel argued that identity governance must become a core security priority. “Compliance should be the baseline, with prevention and resilience built in from day one,” he added.
Taken together, the views of industry leaders suggest that data privacy is entering a new phase, shaped by rising cyber threats, stricter regulation, and rapid AI adoption. As financial and digital ecosystems grow more interconnected, organisations are being pushed to integrate privacy, security, and governance into their core operations.
On Data Privacy Day, the message from across the sector is consistent: safeguarding data is no longer only about meeting regulatory requirements. It is about protecting customers, sustaining trust, and building resilient systems capable of supporting the next wave of digital and artificial intelligence-driven growth.