As cyber threats grow in complexity and regulations become more demanding, industry voices are stepping up to guide both enterprises and regulators toward a more secure digital future. In this Q&A, Karmendra Kohli, CEO & Director, and Seemanta Patnaik, Co-founder & CTO of SecurEyes, share their insights on key trends, challenges, and solutions shaping the cybersecurity ecosystem in India today. A pure-play cybersecurity consulting, services, and products company that also provides cybersecurity training and education.
Read the full interview here:
TimesTech: How can digital platforms help regulatory bodies enhance cybersecurity compliance and risk management?
Karmendra: Bridging the gap between regulatory expectations and real-world implementation is one of the biggest challenges. For overcoming these challenges, platforms that support real-time regulatory compliance tracking; providing actionable insights, and automated reporting; are empowering regulators to monitor Cybersecurity, business continuity, and IT Governance posture more effectively.
What’s really transformative is the use of AI, particularly Generative AI, which allows for dynamic query responses based on sectoral data. This results in fast provisioning of meaningful insights that enables the regulators to understand the regulatory compliance landscape of the sector enabling a more proactive approach to cybersecurity risk management.
TimesTech: Cybersecurity regulations are evolving rapidly. How can organisations—especially in banking and financial services—stay ahead of compliance requirements?
Seemanta: Regulatory frameworks are becoming increasingly stringent, especially in high-risk sectors like banking and finance. Organisations need solutions that keep pace with global and local regulatory updates and provide clear workflows for compliance.
However, it’s not just about meeting framework and standards requirements, it’s about managing risks by protecting critical assets and ensuring operational resilience. The focus should be on simplifying compliance through automation, while also embedding cybersecurity as a core enabler of business functions. Flexibility and adaptability of managing compliances through automated systems is the key to staying ahead of compliance requirements.
TimesTech: There’s a widening talent gap in cybersecurity. What can companies do to address this, and what role does education play?
Karmendra: The widening talent gap in cybersecurity is a pertinent challenge as there is huge demand-supply gap for skilled professionals. To address this, organizations must rethink on how they attract, train, and retain cybersecurity talent. Having continuous learning initiatives, upskilling programs, and hands-on apprenticeships can help build internal pipelines, while partnerships with educational institutions can ensure that curricula stay aligned with real-world cybersecurity needs. Organizations must also broaden their hiring criteria to evaluate high potential candidates from non-traditional backgrounds and emphasize skills over formal degrees. At the same time, education plays a pivotal role; modernizing cybersecurity programs, incorporating practical experience, and introducing cybersecurity concepts earlyon in general education curriculum can help prepare the next generation of cybersecurity professionals. Certification programs, bootcamps, and hackathons in colleges also offer accessible ways of entry into this field. Finally, reducing the cybersecurity talent gap requires collaboration between industry and academia, with a shared focus on creating clear, inclusive, and flexible options for students to be motivated to get into the cybersecurity profession.
TimesTech: What are the emerging trends that will shape the cybersecurity industry over the next five years?
Seemanta: We’re heading towards a future where AI and machine learning will be embedded deeply into risk management systems. There will be a surge in interest in domains like automotive cybersecurity, privacy engineering, and even quantum-resilient security.
Information sharing, integration, and automation will become standard. Real-time threat detection and inter-organisational collaboration will enable faster, smarter responses to emerging threats.
Karmendra: The focus will shift from reactive models to proactive and even preemptive strategies. Cybersecurity will no longer be viewed as an IT concern, but as a strategic business enabler. Those who invest in early detection, real-time visibility, and response automation will lead the way.
TimesTech: With the rise of AI-driven cyber threats, how can organisations leverage AI responsibly in their defence strategies?
Seemanta: AI is both a weapon and a shield. When used wisely, it significantly enhances threat detection, response time, and contextual decision-making. For instance, AI dashboards can now answer queries like “What are the top risks this week?” in seconds—something that used to take days.
The key is to combine AI with human oversight. Machines handle the volume; people handle the nuance. Together, they create a resilient defence layer.
TimesTech: What are the biggest risks to securing people, infrastructure, and information today, and how can they be mitigated?
Seemanta: Today’s threats aren’t just technical—they’re psychological. Social engineering attacks, for instance, exploit human behaviour more than system flaws. That’s why cybersecurity awareness has to go beyond IT teams. Leadership buy-in is essential.
Organisations should also conduct red-teaming exercises, threat modelling, and regular audits to evaluate their posture across people, processes, and technology. A holistic, enterprise-wide approach is the only way forward.
TimesTech: With more businesses moving to hybrid and multi-cloud environments, what’s essential for strong cloud security?
Seemanta: Governance is everything in the cloud. Organisations need well-defined policies, standard operating procedures, and continuous assessments. It’s not enough to rely on vendor tools—cloud misconfigurations remain a leading cause of breaches.
Following established frameworks like the Cloud Security Alliance’s STAR program helps. But most importantly, cloud security must be built with a ‘privacy and security-by-design’ approach. That means embedding security and privacy considerations from the architecture stage itself.
TimesTech: As cyberattacks on critical infrastructure increase, what strategies can strengthen national and enterprise security?
Seemanta: For critical infrastructure, regulatory compliance is non-negotiable. But compliance alone isn’t enough—continuous monitoring, threat intelligence, and supply chain risk assessments are crucial.
Design integrity matters. Systems need to be built with resilience in mind, not just patched when something breaks. Tools that manage vulnerability, business continuity, and third-party risks must be a core part of national and enterprise security strategies.
Cybersecurity is no longer a siloed function—it’s a boardroom concern. Whether you’re a startup or a large enterprise, investing in cybersecurity is investing in your future. It’s about trust, resilience, and the ability to adapt to a constantly evolving digital world.
