A new study reveals Indian companies face increasing data security threats from within their own organisations as artificial intelligence adoption grows. The banking, financial services and insurance (BFSI) and information technology sectors are most exposed due to their handling of sensitive customer data and intellectual property.
Consulting firm Protiviti and Microsoft released the whitepaper 'Safeguarding From Within: Insider Risk Management in India' on 15 October 2025. The research found that 63 per cent of data breaches involve an insider in some capacity, according to Microsoft's security data.
The report comes as Indian organisations grapple with implementing the Digital Personal Data Protection Act 2023 while trying to harness artificial intelligence and generative AI for business growth. Regulatory bodies including the Reserve Bank of India are increasing scrutiny of how companies handle sensitive information.
"Insider risk management is no longer discretionary, it is a regulatory imperative for a majority of Indian enterprises with frameworks such as the Digital Personal Data Protection Act 2023 and sectoral mandates from SEBI, RBI, IRDAI, Telecommunication Act," said Sandeep Gupta, managing director, Protiviti Member Firm for India.
The study identified significant preparedness gaps among Indian companies. The study also found that 84 per cent of organisations believe they need better protections against risky employee use of AI.
Researchers conducted interviews with senior leaders from various sectors including banking, healthcare, pharmaceuticals and technology. The paper highlights that insider risk management has become a board-level concern, particularly for industries handling sensitive data.
"Proactive IRM offers a structured approach to safeguarding sensitive data, supporting compliance efforts, and building trust. By considering the strategies and recommendations outlined in this whitepaper, Indian enterprises can better manage insider risks while continuing to innovate in an AI-driven landscape," said Anand Jethalia, country head for cybersecurity at Microsoft.
The whitepaper recommends that companies establish clear ownership through cross-functional committees and implement stronger safeguards for high-value data assets. It suggests enhanced monitoring for sensitive information including unpublished price sensitive data, intellectual property and patient records.
With insider incidents accounting for most data breaches and AI creating new risk dimensions, the study urges Indian enterprises to make insider risk management a strategic priority. The recommendations focus on balancing innovation with security as organisations navigate India's evolving digital regulatory landscape. |
