Only 24% of Indian firms ready to handle AI-linked privacy risks: Protiviti–Microsoft report

84% of organizations believe they need stronger safeguards against risky employee use of AI tools, especially as regulators tighten data-handling norms under the Digital Personal Data Protection (DPDP) Act

By Storyboard18 | Oct 7, 2025 11:07 AM
Artificial Intelligence is amplifying the potential for internal data leaks.

As Indian companies race to embed generative AI (GenAI) into their operations, most remain ill-prepared for the growing threat from within—their own employees. A new whitepaper by Protiviti and Microsoft warned that insider risk management (IRM) has emerged as a major blind spot for Indian enterprises, particularly in data-heavy sectors such as banking and financial services (BFSI), healthcare, and IT/ITeS.

The report, titled “Safeguarding From Within: Insider Risk Management in India,” highlighted that 63% of data breaches globally involve insiders, whether through negligence or malintent, according to Microsoft’s latest Security Insights. Yet, only 24% of Indian organizations felt they were prepared to manage privacy risks linked to new technologies such as AI, IoT, and blockchain, Protiviti’s State of Data Privacy in India survey indicated.

Rising risk in the age of AI

While AI promises efficiency and innovation, it is also amplifying the potential for internal data leaks and misuse. The paper noted that 84% of organizations believe they need stronger safeguards against risky employee use of AI tools, especially as regulators tighten data-handling norms under the Digital Personal Data Protection (DPDP) Act and sectoral mandates from the RBI, SEBI, and IRDAI.

“Insider risk management is no longer discretionary—it’s a regulatory imperative,” said Sandeep Gupta, managing director, Protiviti Member Firm for India. “For sectors dealing with highly sensitive data, IRM is foundational to customer trust and compliance.”

From governance to technology

Industry experts say that the insider threat is shifting from being a technology issue to a governance challenge that demands board-level ownership. “Nothing erodes trust faster than insider risk,” said Vaibhav Koul, managing director, Protiviti Member Firm for India. “Boards need privacy-first, signal-driven frameworks that make trust measurable and enforceable.”

The whitepaper outlined a roadmap for building a mature insider risk program—one that integrates people, process, and technology. It recommended prioritizing protection of high-value data assets such as UPSI, intellectual property, and patient records. It also suggested aligning enterprise policies with the DPDP Act and financial-sector data protection mandates, and training high-risk roles in finance, legal, and R&D.

First Published on Oct 7, 2025 11:03 AM
