At the ET CISO Data Protection & Privacy Summit 2025, senior leaders from fintech, insurance, banking, market infrastructure and digital identity platforms examined how trust is shifting from a moral position to a measurable business strategy. Moderated by Sneha Jha, Editor – Special Initiatives, ETCIO & ETCISO, the discussion highlighted how Indian enterprises are redesigning systems, controls and culture to comply with the Digital Personal Data Protection Act (DPDPA) and build long-term credibility.

Opening the session, Mrinmoy Dey, CISO, Lendingkart, explained how digital lenders are increasingly relying on unified XDR-driven intelligence to evaluate identity signals and detect anomalies. “In lending, trust begins at login… we need 360-degree visibility across devices, behaviour and biometrics, stitched into one decision plane,” he said. This model, he noted, not only accelerates decision-making but categorises applications into risk bands, reducing fraud and enabling tailored verification pathways.

Continuous monitoring emerged as a foundational requirement across sectors. Biju K, CDPO, Federal Bank, noted that the same cyber threats targeting networks today also directly intersect with DPDPA compliance. “Without continuous monitoring, you cannot detect incidents in real time—and DPDPA’s seven-hour reporting window demands that visibility,” he said.

Representing market infrastructure, Nagesh Jha, CISO, NSDL, emphasised that privacy has become inseparable from national financial stability. “The attack surface is expanding, and with AI-enabled deepfake and phishing threats rising, we must be stronger than adversaries,” he said. He highlighted NSDL’s automation-first approach, layered controls, and sector-wide intelligence sharing. “In capital markets, if one component is hit, the entire settlement chain feels the impact. Cybersecurity is a collaborative sport,” he added.

Insurance, with its mix of personal and financial data, is navigating heightened expectations. Praveen Mishra, CISO, Liberty General Insurance, said the organisation is redefining “reasonable safeguards” through minimisation, access governance, secure partner channels and data lifecycle tracking. “The more data you collect, the more risk you carry,” he noted. While breach containment SLAs exist, Mishra stressed that privacy maturity is evolving: “Every day you must be more vigilant and smarter than yesterday.”

From the technology provider’s lens, Manoj Dhingra, Cofounder & Director – India Business, Stellar Information Technology, cautioned that residual data on decommissioned IT assets remains an overlooked but critical exposure. Citing the Morgan Stanley disposal incident, he said: “This wasn’t a cyber attack—it was a disposal failure.” He explained how certified erasure platforms like BitRaser provide tamper-proof audit trails, digitally signed certificates and end-to-end chain-of-custody records. “Trust is no longer a promise—it’s a proof,” he added.

Adding an ecosystem view, Malcolm Gomes, COO, IDfy, said implementation challenges stretch across business, technology, operations and third-party touchpoints. “Privacy is not a linear puzzle—its pieces sit across the organisation,” he said, highlighting the need for automation, oversight and inclusive consent mechanisms that work across India’s diverse linguistic and digital literacy landscape. Gomes noted that consumer expectations are already shifting: “Trust is becoming a competitive advantage. Customers are rewarding brands that demonstrate it.”

As the conversation turned to AI-driven fraud detection, leaders acknowledged early yet promising gains. Mishra noted that AI is helping detect fraudulent insurance policies at creation, flagging unusual patterns in vehicle and commercial policy submissions. Lendingkart’s Dey added that trust signals—including device reputation, behavioural analysis and synthetic identity detection—now function as business APIs embedded into digital journeys.

On what enterprises must do in the next year to outpace attackers, panelists converged on four imperatives:

• Make security a growth enabler, not a drag on digital innovation.
• Map and minimise the attack surface across hybrid, distributed environments.
• Embed trust and transparency into UX and product design—not as afterthoughts.
• Strengthen governance and frontline awareness, ensuring employees know how to handle personal data responsibly.

  As one speaker summarised: “Trust should not be an optional feature. It must be built from the design phase, integrated into every phase, and proven every day.” Another added: “Trust is the most expensive currency in the digital world—and the hardest to earn back.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!