New Delhi: The adoption of artificial intelligence (AI) and generative AI is increasing the risks to Indian enterprises, who are confronting them within the company, according to a new whitepaper by Protiviti and Microsoft. According to the report, SAFETOD, Safeguarding From Within: Insider Risk Management in India, the BFSI, healthcare, life sciences and IT/ITeS industries are most vulnerable, as these industries are highly dependent on sensitive customer data, intellectual property and vendor networks.

The research concludes that insider risk management is a significant gap, with few institutions having a full enterprise-wide structure. As AI and GenAI provide productivity and innovation, they provide a new path toward data leakage. The report highlights the necessity of Indian firms to institutionalise insider risk management (IRM) at board level, particularly with heightened regulation by regulators under the Digital Personal Data Protection (DPDP) Act and industry requirements by RBI, SEBI and IRDAI.

The research of Microsoft Security Insights indicates that 63 percent of the world’s data breaches include the involvement of insiders in one way. The survey conducted by Protiviti itself also revealed that only a quarter of Indian organisations believe that they are ready to face privacy issues related to new technologies like AI, IoT and blockchain. Risk management continues to grow at a fast pace, with 84 per cent of companies admitting to having gaps in regulating how their employees use generative AI.

The leaders in the industry warn that insider risk management cannot be done as an option anymore. The paper provides an enterprise roadmap, which entails the proper ownership of insider risks by cross-functional committees, categorisation of high-value data, such as UPSI, intellectual property, patient records and extra security. Others that can be recommended are role-based access controls, incident response playbooks that are specific to insiders, and specific training of high-risk functions, including finance, legal, and R&D.

The report highlights that technology is an important enabler; strategy and governance have to be put first. Tools such as Microsoft Purview offer policy templates, privacy-maintaining investigations and audit-capable reporting to facilitate the operationalisation of the IRM programmes. Through the integration of solid internal controls, the Indian enterprises are able to minimise the legal risk, create a digital trust, and turn compliance into a competitive edge within the AI-based economy.