India Inc keen to take bite of AI, but RoI and security hold it from sinking teeth

Mumbai: Indian enterprises are gung-ho about adopting artificial intelligence, but face the challenge of scaling pilot projects with adequate security, governance or return on investment, top corporate leaders said at the Economic Times AI Vantage roundtable moderated by ET’s Surabhi Agarwal.

Companies are discovering that AI adoption is less about choosing the latest frontier model and more about redesigning workflows, securing data, training employees and building resilience, they said.

"There is no lack of ambition, but there is significant technical debt, trust issues and governance challenges," said Cisco India and South Asia president Daisy Chittilapilly. Citing Cisco’s latest AI Readiness Index, she said more than 80% of organisations want AI agents integrated into their workforce this year, but less than 30% believe they are ready from a security, infrastructure and data perspective.


Parminder Singh, chief executive of Reliance Enterprise Intelligence, said the industry is now entering a second phase where enterprises need help answering more fundamental questions.

They first need to determine which model best suits each workflow instead of defaulting to the latest frontier model. "The winners on the podium will continue to keep changing. Don't get too excited by a particular model," he said.

For financial services firms, where a single AI error could have significant financial consequences, security can no longer be treated as an afterthought, said Ambarish Kenghe, group CEO of stock trading and broking platform Angel One.

He identified three key risks enterprises must guard against: AI generating incorrect information, leakage of sensitive customer data and autonomous systems behaving unpredictably. "The more powerful the technology, the more careful you have to be," Kenghe said, stressing that organisations must build security and safety by design into AI systems from the outset.

Enterprises should first understand where their data resides, how AI models and third-party vendors are using it, and establish safeguards, continuous monitoring and red-teaming practices, Kenghe said. Equally important is preparing for inevitable incidents through response strategies and tabletop exercises rather than assuming preventive controls alone will be sufficient, he added.

Prashant Thakkar, executive director, LIC Mutual Funds, which runs one of India's largest on-ground agent networks, said the temptation to chase flashy AI for its own sake has to be resisted. "We don't want to get into the FOMO (fear of missing out) factor…because that is where you end up pushing or trying to deliver something that may not be required." His priority is to equip its field force with more relevant and personalised information. "Our core mantra still remains innovation with governance."

Security Bottleneck

Cisco's Chittilapilly said AI is dramatically shortening the lifecycle of cyberattacks. The rapid adoption of unauthorised AI applications or "shadow AI" is emerging as another major enterprise risk because organisations often have little visibility into which AI tools employees are using or what data they are sharing.

Pawan Sharma, chief information security officer at Tata Motors, said organisations must rethink cybersecurity architectures for the AI era. He called for AI systems to be "secure by design", meaning that security must be integrated from the planning stage instead of being added after deployment.

He recommended continuous vulnerability assessments, red teaming, data classification, privileged access controls and AI governance before moving systems into production.

Sharma explained that for 25-30 years, cybersecurity rested on three pillars: software integrity, access management and data protection. AI has added four more—context, explainability, the ability to invoke external tools and autonomous action. AI systems no longer behave predictably. “Earlier you could just imagine what the system will do…Now you have to imagine what the system can do,” he said. Designing for that cannot be left to security teams alone. “Business process owners need to be in the room because the failure of an ecosystem is…a failure of imagination," he said.

Amol Deshpande, chief digital officer at the RPG Group, highlighted the need for discipline over speed. “People, process and technology are the three pillars of successful transformation,” he said. Enterprises must first evaluate business value, redesign processes and prepare employees before deploying AI widely.

Legacy businesses can no longer treat technology spend as a discretionary cost bucket, he said. "The writing is on the wall…You cannot think of a business that will sustain in future without having technology embedded into it, into every aspect of it."

Data Governance

Thakkar of LIC MF said enterprises must pay as much attention to governing data as governing AI models. Organisations need visibility into what data enters AI models, how it is trained and who can access the outputs.

"You need to continuously revisit your resilience mechanisms," he said. "If an AI system goes rogue, are you in a position to plug it out? And if you do, how will your business continue to operate?”

Cisco's Chittilapilly also agreed that resilience is more important than prevention. “The question is not whether bad actors will get in; it is how you manage them once they get in.”

Traditional “best-of-breed” security tools operating independently are no longer sufficient, she said. Instead, integrated security architectures capable of correlating signals across applications, networks, devices and AI models are required.

RPG’s Deshpande also warned about the growing use of synthetic data for AI training and predicted enterprises will increasingly deploy “guardian agents” to monitor other AI agents. “It will be the good agents versus the bad agents,” he said.

Tata Motors’ Sharma highlighted the rise of “bring your own AI” as one of the biggest governance challenges facing enterprises. Employees increasingly experiment with consumer AI tools using enterprise data, often without organisational oversight, he said.

Need for Regulation

Executives said India should avoid rushing into AI regulations, instead look towards a broad, principles-based framework developed jointly by industry and policymakers.

Singh of Reliance Enterprise Intelligence said one of the biggest unanswered questions is accountability when AI systems fail. "If something goes wrong in an AI system, where does the accountability lie? Is it with the organisation, the hyperscaler, the implementer or the orchestration provider? These are still early days and the governance framework has to answer these practical questions."

However, he cautioned against creating separate AI rulebooks for every industry. "There has to be a common set of norms. Some sectors like healthcare and finance may need additional safeguards, but we cannot simply copy and paste regulations from other countries. India's AI governance has to be built for India's ecosystem," he said.

Angel One’s Kenghe argued that industry should not wait for regulators to step in. "The best thing is for participants to regulate themselves. The more the industry regulates itself, the less the regulator has to intervene," he said.

(This article is part of the AI Vantage series, developed in partnership with Cisco)