- New DPDP Rules Redefine India’s Cyber Governance as an Enforceable Board-Level Mandate
The enforcement of the Digital Personal Data Protection (DPDP) Rules, 2025 marks a defining shift in India’s cybersecurity landscape, positioning data protection and governance as critical business imperatives rather than compliance formalities. Ahead of the CyberSec India Conference 2026, industry leaders highlighted that as organizations adapt to a more stringent regulatory environment, there is an increasing focus on measurable accountability, board-level oversight, and resilience against evolving cyber threats.
The 2nd edition of the CyberSec India Conference 2026, co-located with CyberSec India Expo 2026, will be held on April 23–24, 2026 at the Bombay Exhibition Centre (BEC), Mumbai, bringing together policymakers, industry leaders, and cybersecurity experts to deliberate on the future of India’s digital defence ecosystem.
With the DPDP framework now in force, organisations are no longer assessed solely on their intent to secure data but on their ability to demonstrate robust governance structures, effective breach preparedness, and a rights-centric approach to data management. This transition is redefining cybersecurity from a technical function to a strategic, boardroom-driven priority, as enterprises navigate rising regulatory expectations alongside increasingly sophisticated, AI-driven and large-scale cyber threats.
Mr Shyamkumar Nair, Regional Chief Security Officer, South Asia, Mastercard, emphasized the gravity of this evolution. He stated, “The activation of the DPDP Rules, 2025 marks a significant shift from awareness to accountability in India’s cybersecurity ecosystem, as data protection and security obligations become enforceable and organizations must demonstrate board level governance, breach preparedness, and rights centric data protection. Cyber resilience today should be measured not by incident counts, but by how effectively institutions anticipate threats, detect and contain them quickly, and ensure continuity of essential services.
Public–private partnerships will play a critical role in strengthening national cyber resilience, enabling real time threat sharing and coordinated response across critical infrastructure and SMEs. With a workforce of around 650,000 cybersecurity professionals, India is steadily positioning itself as a global hub for cyber talent and innovation.”
He further added, “Indian organizations are still in the early stages of preparing for post-quantum cybersecurity. While awareness is increasing, implementation remains limited. Around 50–55% of companies are evaluating or piloting post-quantum cryptography, but fewer than 10–15% have started deploying quantum-resistant encryption, and less than 5% have meaningful adoption in production. With initiatives such as the National Quantum Mission driving momentum, post-quantum migration is rapidly becoming a near-term priority for data protection and regulatory resilience.”
Sharing his perspective on the regulatory landscape, Dr. Lalit Gupta, President, Cyber Security Council of India and Advisory Board Member, CyberSec India 2026, said, “The activation of India’s Digital Personal Data Protection (DPDP) Rules marks a decisive shift in the country’s cybersecurity journey—moving from awareness-driven compliance to enforceable accountability. Organizations will now be required to demonstrate strong governance frameworks, robust risk management practices, and clearly defined breach response mechanisms, rather than merely stating their intent to protect data. With regulatory oversight and penalties now in place, cybersecurity will increasingly become a board-level governance priority instead of remaining a purely technical IT concern. This is also reflected in rising board-level attention, with over 50% of Indian enterprises now ranking cybersecurity as a top business risk. As India’s digital economy continues to expand, this transition will play a critical role in strengthening trust, accountability, and responsible data stewardship across industries.”
CyberSec India Conference 2026 will feature distinguished advisory board members including Mr Shyamkumar Nair, Regional Chief Security Officer, South Asia, Mastercard; Dr. Lalit Gupta, President, Cybersecurity Council for India; Dr. Yusuf Hashmi, Chief Cybersecurity Advisor, Dell Technologies; Mr Krishan Dev Nidumolu, Head of Information Security, Insurance Information Bureau of India; Mr Anil Tailor, CEO, TCS LLC; and Prof. Dr. Shri K. Kulkarni, Senior Advisor – Defense & Intelligence Affairs (Cybersecurity), Governments of USA & India.
A diverse lineup of speakers, including Ranjeeth Bellary, Partner – Assurance, EY; Gaurav Hirani, General Manager – Head Cloud DevSecOps, Jio; Nageshwaran C, Chief Information Security Officer, TVS Holdings; and Prof. Ajay Singh, Professor of Practice, Author and Fellow, Institute of Directors, along with other leading experts, will share practical perspectives and industry insights.
As organizer of expo Mr Taher Patrawala, Managing Director, Media Fusion, said, “As India’s digital economy expands at an unprecedented pace, the nature of cyber threats is becoming more sophisticated, interconnected, and persistent. From AI-driven attacks to quantum-era risks, the country must proactively build resilience frameworks that are not only robust but also future-ready. The CyberSec India Conference 2026 serves as a critical platform for industry leaders, policymakers, and cybersecurity professionals to come together, exchange insights, and collectively shape strategies that will safeguard India’s digital infrastructure and national interests in the years ahead.”
With cyber threats becoming more AI-driven, large-scale, and financially disruptive, and with India ranking among the top global targets for ransomware and email-based attacks, the CyberSec India Conference 2026 stands as a vital platform to enable strategic dialogue, policy alignment, and industry collaboration. The conference is set to play a pivotal role in strengthening India’s cyber resilience and shaping the roadmap toward a secure and globally competitive digital economy.
