Cybersecurity Is No Longer a Function—It’s a Shared Leadership Priority

In this exclusive interview with CiOL, Santhanam Govindaraj (Santh), Chief Technology Officer, Capital Markets, Wealth and Investment Management, Broadridge India,shares insights into the evolving cybersecurity landscape and the role of advanced technologies in shaping the future of financial services. With over 26 years of techno-functional leadership across top-tier firms like Wells Fargo, Bank of America Merrill Lynch, Goldman Sachs, and D.E. Shaw, Santh brings a deep understanding of capital markets and wealth management. At Broadridge, he is spearheading the development of a globally aligned GTO organization in India, driving innovation, operational excellence, and positioning the India center as a strategic hub for business and technology transformation. Excerpts.

AI is everywhere these days — but when it comes to cybersecurity, do you see it as a double-edged sword and how to use AI to manage cybersecurity strategically?

AI is becoming a transformative force in cybersecurity—bringing both new opportunities and challenges. Used strategically, it strengthens an organization’s ability to detect threats in real time, automate response, and anticipate risks before they escalate.

In financial services, where trust and resilience are paramount, this shift is well underway. Broadridge’s 2024 Digital Transformation Study found that firms plan to increase cybersecurity investments by 28% over the next two years, with over 95% also investing in AI. Much of that investment is focused on enhancing cybersecurity—especially in fraud detection, risk management, and data protection.

Organizations are moving beyond traditional defense mechanisms to adopt intelligent, proactive strategies. AI-driven systems can identify vulnerabilities, accelerate recovery, and predict future threats. When combined with technologies like distributed ledgers—such as Broadridge’s DLR platform—they further strengthen digital infrastructure with added transparency and resilience.

What are the key elements enterprises should focus on when building a future-ready cybersecurity infrastructure in today’s dynamic threat environment?

With increasing digital interdependencies, remote operations, and evolving threats, the need for a future-ready cybersecurity infrastructure is more urgent than ever. It requires an integrated and intelligent approach—one that prioritizes risk management, data protection, and compliance from the ground up. In financial services, where accuracy, speed, and security are non-negotiable, advanced technologies are playing a pivotal role. At Broadridge, we’re helping clients strengthen resilience through AI and machine learning platforms that power predictive analytics and intelligent automation—particularly in areas like reconciliation and exception management.

Distributed Ledger Technology (DLT) is also becoming central to securing digital infrastructure. Our Distributed Ledger Repo (DLR) platform uses DLT to bring real-time visibility and data provenance to repo markets, reducing trade mismatches and enabling intra-day settlements with digital bond representations. Similarly, the Shareholder Disclosure Hub (SDH) leverages blockchain to streamline regulatory workflows—authenticating issuer requests securely across intermediaries and improving compliance speed and confidence.

Ultimately, a future-ready cybersecurity approach must go beyond protection. It must be adaptive—able to respond to emerging risks—while maintaining end-to-end visibility, operational efficiency, and trust at scale.

Today Zero Trust is emerging as a critical security framework, what actionable strategies should organizations take to accelerate their Zero Trust journey?

Accelerating the Zero Trust journey requires a strategic, layered approach centered on a simple yet powerful principle: never trust, always verify. In today’s complex digital environment, organizations must start by establishing strong Identity and Access Management (IAM)—including multi-factor authentication (MFA), role-based access control (RBAC), and the principle of least privilege—to ensure users access only what they truly need.

Micro-segmentation is equally important. By isolating workloads and limiting lateral movement across the network, organizations reduce the risk of internal spread during a breach. A Zero Trust architecture also demands continuous evaluation of third-party vendors and partners, with risk-based authentication and compliance monitoring embedded into onboarding and ongoing access.

Encryption, intelligent access controls, and real-time monitoring further reinforce the framework—helping verify every user, device, and application before granting access. These identity-driven, proactive security measures reduce the attack surface and enhance breach resilience.

Ultimately, Zero Trust isn’t a single solution—it’s a mindset shift. One that enables enterprises to adapt to evolving threats while building a more secure, agile, and trusted digital foundation.

With hybrid and remote workforces being the norm now, how can organizations ensure robust endpoint security without compromising user experience?

As hybrid and remote work become permanent fixtures, organizations must rethink how they secure endpoints—balancing strong protection with a seamless, user-friendly experience. This requires moving beyond traditional perimeter-based models toward more agile, layered security frameworks.

At Broadridge, we address this through a strategy grounded in innovation, operational excellence, and collaboration. Our Information Security and AI Governance teams deploy a comprehensive suite of controls—ranging from encryption and data masking to advanced authentication and data loss prevention. These are supported by regular penetration testing and continuous monitoring to maintain visibility and control across a distributed environment.

Strong endpoint security shouldn’t come at the cost of user experience. With the right architecture, governance, and continuous oversight, organizations can achieve both—protecting what matters most while empowering their people to perform at their best.

If you look from your vantage point as a CTO, how do you see the role of cybersecurity as part of the C-suite agenda and panning out in the next few years - as a top leadership priority?

Cybersecurity has moved well beyond its traditional role as a back-office safeguard. It’s now a core pillar of enterprise resilience—and a critical enabler of innovation, trust, and long-term growth.

At Broadridge, cybersecurity is embedded in how we serve our clients and partners. As digital transformation accelerates and hybrid work becomes the norm, the threat landscape has expanded—placing a clear responsibility on leadership to adopt a proactive, strategic approach to risk and resilience.

Cybersecurity will remain high on the C-suite agenda—not only as a technology mandate, but as a business imperative. As Gartner projects that by 2026, 70% of boards will include a cybersecurity expert, we’re seeing a shift in mindset. The focus is moving from securing individual systems to building secure-by-design platforms that support agility, regulatory readiness, and client confidence.

Looking ahead, success will depend on integrating security across the digital ecosystem—from software development and data governance to client touchpoints and third-party relationships. Cybersecurity is no longer a standalone function; it’s a shared leadership priority and a vital part of shaping the enterprise of the future.