New Delhi: Indian companies are falling behind in tackling insider risks just as artificial intelligence and generative AI adoption intensifies, according to a new white paper by Protiviti and Microsoft.
The report, “Safeguarding From Within: Insider Risk Management in India,” highlights banking, financial services, healthcare, and IT/ITeS as the most exposed industries due to their heavy dependence on sensitive data and intellectual property.
Microsoft’s Security Insights shows 63% of breaches involve insiders. Protiviti’s India survey found only 24% of organizations feel ready to manage privacy concerns tied to emerging technologies, while 84% say they must do more to control risky employee use of generative AI.
“Insider risk management is no longer discretionary; it is a regulatory imperative,” said Sandeep Gupta, managing director at Protiviti India, pointing to mandates under the Digital Personal Data Protection Act and oversight from RBI, SEBI, and IRDAI.
The study urges enterprises to make insider risk a board-level priority, recommending cross-functional oversight, classification of insider threats, safeguards for high-value data, role-based access, incident response playbooks, and training for sensitive functions.
Microsoft executives called for embedding privacy-first, signal-driven tools like Microsoft Purview to translate policy into action. “Nothing erodes trust faster than insider risk,” said Vaibhav Koul of Protiviti.
The paper warns that reactive measures are no longer sufficient as insider incidents dominate breach statistics. With regulatory scrutiny tightening, Indian enterprises that embed proactive risk management can reduce legal exposure, protect brand reputation, and build trust with regulators, investors, and customers.
