Over 90% of Security Breaches Linked to Human Error or Malicious Activity

As India cements its position as a global digital powerhouse, the nation’s cybersecurity landscape is evolving at an unprecedented pace. To get an insider’s view on how Indian enterprises are coping with rising cyber threats and regulatory changes, CiOL spoke to Bikramdeep Singh, Country Manager – India, Proofpoint, a global leader in human-centric security. In this exclusive Q&A, Bikramdeep shares his perspective on India’s readiness for cyber threats, the rise of AI in cybercrime and defence, sectoral risk patterns, the impact of new regulations, and how to bridge the cyber talent gap. Excerpts.

With India emerging as a critical hub in the global digital economy, what makes it the next frontier for cybersecurity? How do you view India’s enterprise readiness in the face of increasingly sophisticated threats?

Digital transformation and the rapid evolution of AI are reinventing the business landscape, creating vast opportunities for innovation and growth. However, such rapid technological adoption also results in unique challenges in safeguarding people and data. With ambitious digital initiatives driving technology adoption, India’s cyber threat landscape is increasing, creating an urgent need for robust security solutions.

India’s enterprises are showing promising progress in fortifying their cybersecurity postures, but the evolving threat landscape demands a proactive and people-centric approach. Organizations are beginning to invest more in advanced threat intelligence, user awareness training, and data loss prevention, yet challenges remain—particularly around securing hybrid work environments and managing third-party risks. At Proofpoint, we believe India stands at a critical junction: enterprise leaders must go beyond traditional perimeter defenses and adopt an integrated cybersecurity strategy focused on the most targeted individuals and the data they access. With the right tools, frameworks, and mindset, Indian organizations are well poised to lead the next wave of cyber resilience in the digital economy. Additionally, India is home to top global tech talent, providing an excellent opportunity for Proofpoint to leverage local expertise and further drive innovation to make India the next frontier in cybersecurity.

Proofpoint’s entry into the Indian market comes at a time when people-centric (or human-targeted) attacks like phishing, social engineering, and insider threats are on the rise. How should Indian enterprises rethink their cybersecurity posture in this context?

The Indian cybersecurity market is at a tipping point, where traditional security approaches are proving insufficient against the surge in human-targeted attacks. Our research shows that over 90% of successful breaches are attributed to human error or malicious activity, rather than purely technical vulnerabilities. Gartner reinforces this trend, predicting that by 2027, 50% of large enterprise CISOs will have adopted human-centric security design. Therefore, Indian enterprises must recognize people as the primary attack vector and must focus on implementing comprehensive protection that covers email, cloud applications, and collaboration tools where employees operate daily.

Most importantly, Indian enterprises need to recognize that security is no longer just an IT function but a business imperative requiring board-level attention. The human-centric security approach demands cross-functional collaboration between security teams, HR, legal, and business units to create a culture of security awareness. Organizations should invest in security solutions that provide actionable intelligence about their human attack surface. At Proofpoint, we're partnering with Indian enterprises to build human-centric security posture through a combination of advanced threat protection, information protection, and compliance solutions designed specifically for the unique challenges Indian organizations face in this evolving threat landscape.

Artificial intelligence is proving to be a double-edged sword, amplifying both threats and defences. From Proofpoint’s perspective, how do you see GenAI reshaping cybersecurity strategy, particularly in emerging markets like India?

Artificial intelligence, particularly generative AI, is fundamentally altering the cybersecurity equation in India's rapidly evolving digital ecosystem. (AI) serves dual roles in cybersecurity: it can drive innovation while also being leveraged by cybercriminals to enhance phishing and ransomware tactics. This democratization of advanced attack techniques is particularly concerning, as many organizations are still building their security foundations. According to Proofpoint’s 2024 Voice of the CISO Report, a majority (87%) of CISOs globally are looking to deploy AI-powered capabilities to help protect against human error and advanced human-centred cyber threats.

Proofpoint offers a comprehensive, adaptive AI-driven, human-centric security platform that analyzes individual user behavior, detects anomalies in real-time (like sudden requests for sensitive data), and blocks multilingual phishing attempts. By layering global threat intelligence with adaptive AI, we protect organizations at their weakest link—human interaction—while ensuring compliance with India’s evolving data protection regulations.

Sectors like BFSI, healthcare, and tech are particularly vulnerable to targeted cyberattacks. What patterns or risk areas are you observing in these industries, and how can organisations better prioritise their defences?

At Proofpoint, we’re seeing a significant rise in targeted, people-focused cyber threats across BFSI, healthcare, and technology—sectors that manage sensitive data and critical infrastructure. In BFSI, attackers are exploiting trust through phishing and business email compromise (BEC) to infiltrate financial systems, contributing to a fourfold rise in high-value fraud cases in India last year.

To counter these threats, Indian enterprises must shift toward a human-centric security model. This begins with identifying their most targeted individuals, deploying intelligent email and DLP solutions, and strengthening security awareness across the organization.

With regulatory frameworks such as India’s DPDP Act evolving rapidly, how should enterprises strike a balance between compliance and agility? Are Indian businesses prepared for the scale of accountability that modern regulations demand?

India’s Digital Personal Data Protection (DPDP) Act, ushering in a new era of accountability, compels enterprises to rethink how they collect, process, and protect personal data. At Proofpoint, we view this as a critical opportunity—not just a compliance burden. The DPDP Act’s focus on data minimization, purpose limitation, and user consent reflects global regulatory shifts toward individual rights and corporate transparency. However, meeting these standards requires more than policy updates—it demands real-time visibility into data flows, automated controls, and human-centric risk management. Organizations must balance agility with control by embedding security and privacy into the fabric of their operations, from email systems to cloud environments.

That said, many Indian businesses are still relatively early in their privacy maturity journey. While awareness is growing, especially in sectors like BFSI and tech, there’s a significant gap in preparedness—particularly in identifying where sensitive data resides and how it's being accessed or shared. The accountability structure under the DPDP Act places the onus squarely on data fiduciaries, meaning even third-party exposures or insider negligence can result in major compliance failures. At Proofpoint, we help enterprises close this gap by offering solutions that detect and prevent data loss, monitor insider risks, and enable compliant data handling without sacrificing speed or innovation. With the right investments, Indian businesses can confidently navigate this regulatory transformation while remaining agile and competitive.

Cybersecurity talent continues to be a critical gap. What are the structural or ecosystem-level changes India needs to make to develop the skilled workforce required to meet rising cyber defence needs?

India’s cybersecurity talent gap is a growing concern, especially as the country faces a surge in sophisticated, people-centric attacks. To bridge this, India needs to promote public-private collaboration, build regional cyber labs and simulation centers, and offer structured career pathways for cybersecurity professionals which can help to create a robust talent pipeline. At Proofpoint, we believe that addressing this gap isn’t just a workforce issue—it’s foundational to national resilience in the digital economy.