Inspira is a global cybersecurity, data analytics, and AI services provider, offering end-to-end cybersecurity services to diverse industries. In an exclusive interaction, Pritam Shah, Global Practice Head – OT Security and Data Security, Inspira Enterprise, explains to Rajneesh De, Group Editor, CXO Media & APAC Media how Inspira play a critical role in enabling regulatory compliance, while ensuring continuous improvement of cyber resilience and security maturity.
What does DPDP compliance practically mean for banks, insurers, NBFCs, and fintech players?
DPDP Compliance for financial institutions is no longer only related to data collection, but also to the purpose of collecting and providing consent for it. Banks and NBFCs should provide clear disclosure of who will access the data, the kind of access, and why it has been collected and how long it is retained. These institutions are required to obtain consent for access and access revocation by leveraging the consent management platform.
Once the statutory holding period expires, these organizations should have data purging protocols in place. For insurance companies, especially health insurance, compliance is a purpose-based limitation on the usage of data. If insurance companies choose to use data for cross-selling, such as motor or home insurance, consent on how the data will be used across different verticals within the same entity should be explicitly described.
Fintech companies should have consent managers in place that work as intermediaries for providing and revoking permission by implementing the same in the settings of the tech platforms. Each segment within the BFSI sector may have different internal roles, but in general, should match compliance for consent, compliance for data retention, and consent for cross-utilization of data across different business units within the same organization.
Which are the key gaps BFSI firms must urgently address in the following areas: identity, access, encryption, and breach readiness?
One of the biggest gaps across organizations in the BFSI sector is identity, where the environments are overloaded with several identities with little control over them. This has to be addressed by consistently implementing Zero-trust architecture and Role-based access control. Encryption of all data and data masking policies have to be in place across environments.
Monitoring and detection to ensure real-time visibility across hybrid environments should be established. Breach-readiness, response and incident management strategies should be implemented. Incident response teams should be ready to act and contain the breaches within 72 hours as mandated. All stakeholders, including the data fiduciary, the data principal, and relevant government departments, must be notified within the stipulated time in the event of a data breach.
How will DPDP impact vendor risk management and cloud adoption in BFSI?
Under the DPDP Act, data fiduciaries or the BFSI organizations are made accountable for customer data and the processes they deploy for protecting it. Rigorous due diligence on third-party vendors, such as cloud service providers and SaaS platforms, must be conducted prior to onboarding to ensure their ability to comply with the DPDP Act. Continuous monitoring of vendors’ security posture throughout the contract period, and not just during audits, and their data management practices should be made mandatory.
Clear rules on how long vendors can retain data are to be made applicable with restrictions on secondary data usage. Exit management policies, mandatory deletion of data, and proof-of-erasure clauses have to be incorporated. All BFSI organizations must invest in secure cloud architectures to fully realize the benefits of cloud computing, supported by robust vendor risk management, continuous risk monitoring, and comprehensive vulnerability management programs.
What is the cost of non-compliance and the subsequent lessons from global data-protection frameworks?
The penalty for non-compliance with India’s DPDP Act, 2023, is Rs. 250 crore per incident, but the real cost is way above, leading to operational paralysis, reputational damage, and financial losses. This also leads to erosion of trust of customers, giving rise to litigation and remediation costs, which have a much bigger impact on the business. Non-compliant organizations can face frequent audits, further increasing operational costs.
The lessons from global data protection frameworks include the importance of implementing the privacy by design approach, strong proactive data protection measures, and effective data lifecycle management. By being transparent about these measures, organizations can preserve customer trust and confidence. Compliance must be owned at the board level, rather than being delegated solely to IT or legal teams.
Why DPDP should be viewed as a cybersecurity and trust-building opportunity, not just a compliance burden?
DPDP Act brings about a paradigm shift in how BFSI organizations view cybersecurity from a checking-the-box compliance approach toward building cyber resilience. They are compelled to follow better cybersecurity hygiene, apply privacy-by-design to their digital products, and align cybersecurity investments with their business outcomes.
Financial institutions will benefit by placing consent at the core of data processing and going beyond compliance by investing in the right tools and services, while being transparent about it to all stakeholders. Financial organizations that treat the DPDP Act as a strategic program will emerge more resilient, competitive, and earn the trust of customers as compared to those treating it just as a compliance requirement. Organizations should therefore not focus on how to comply in an economical way, but on how intelligent DPDP can be leveraged to become more secure and trusted.
Inspira has built a broad portfolio of cybersecurity and digital resilience solutions. Which offerings are gaining the most traction in India, and what key use cases are customers prioritising today?
We are a global cybersecurity, data analytics, and AI services provider, offering end-to-end cybersecurity services and a strategic partner to diverse industries, including BFSI, healthcare, public sector, manufacturing, ITeS, and retail. Inspira Enterprises’ offerings and use cases that are in demand include Managed Detection and Response (MDR) with the use case threat detection and response, 24/7 monitoring and triaging, and Identity and Access Management with zero-trust adoption. Data Security Services include Database Activity Monitoring (DAM), data loss prevention (DLP), data masking and data encryption, Mobile Device Management, and Compliance Services, specifically SOC services and Incident Response Services, continue to gain traction in India.
Inspira is a recognized leader across these cybersecurity service offerings. For BFSI organizations, prioritizing such services is no longer optional, as few have the in-house resources or specialized skills required to manage the growing complexity of security platforms and tools. Trusted partners like Inspira play a critical role in enabling regulatory compliance, including the DPDP Act, while ensuring continuous improvement of cyber resilience and security maturity.
What are the core pillars of Inspira’s go-to-market strategy for India, and how are you tailoring it to address the country’s diverse enterprise landscape and regulatory environment?
Inspira advocates outcome-led security where there is a tangible outcome for the customers from the services we provide, rather than just providing a check-box for compliance. We are platform-driven, where the AI-component in the managed services enables the detection of unknown threats proactively. Our proprietary iSMART2 framework is an advanced AI-driven platform delivering continuous monitoring, analytics, and actionable insights to mitigate risks and stay ahead of emerging threats. This monitors the overall infrastructure irrespective of who has deployed it.
Our platform integrates with dashboards to ensure visibility to both us as a service provider and CFOs, CTOs, and CISOs at organizations, enabling them to take steps for further improvement. Our tools, in addition to supporting compliance with the DPDP Act, will provide more value. Our managed services and solutions are tailored for large, mid-sized, and small enterprises, ensuring the right investments and the right outcomes. Inspira’s Cyber Fusion Centers provide real-time threat management and ensure regulatory compliance while accelerating digital transformation for different industry verticals.
Can you share a few notable deployments in India where Inspira’s solutions have delivered measurable impact, particularly in strengthening cyber resilience or reducing operational risk?
We are deploying our cybersecurity solutions across leading banks and insurance companies, the manufacturing sector, smaller fintech firms, and several established organizations in the oil and gas sector, including PSUs. Inspira’s solutions are also deployed in the transportation sector, especially at airports. With technology continuously evolving, the requirements for data collection and storage are critical. We are proactive in deploying our solutions, which enable companies to mitigate risks before they escalate.
Based on your experience, how are customer needs shaping Inspira’s solution roadmap and service delivery model going forward?
We provide a single integrated platform for point solutions where all risk metrics are converged in the iSMART2 framework. We monitor and ensure the hygiene of the infrastructure and show the live score of the organization’s cybersecurity posture. Our managed services provide automation and add value to organizations with our faster deployment strategies.
Inspira’s Security programs are mapped directly to business and regulatory outcomes with adherence to DPDP, GDPR, and other global standards. Especially with the recent FTA between India and the EU, the demand is bound to increase, and we are fully prepared to provide services that meet the GDPR standard. We provide AI-driven security operations, resilient-first architecture, and compliance alignment with services delivered. Inspira also ensures our teams stay a step ahead of threats by providing relevant learning and development programs.
The post ‘Inspira Advocates Outcome-led Security through Our iSMART2 AI-driven Platform’: Pritam Shah, Global Practice Head – OT Security and Data Security, Inspira Enterprise first appeared on .
Discussion about this post