In a rapidly evolving digital landscape, startup founders are increasingly recognizing that cybersecurity is no longer an afterthought but a fundamental business responsibility. With the rise of artificial intelligence (AI)-driven attacks and the implementation of stricter data protection laws, it is imperative for businesses to prioritize their security measures. This shift is underscored by the insights of Akshay Garkel, partner and leader at Grant Thornton Bharat LLP, who emphasizes that the nature of cyber threats has changed dramatically, necessitating a proactive approach to cybersecurity.
Garkel points out that the most advanced cyber attackers already exist, enabled by AI technologies that automate and scale attacks beyond human capabilities. “Attacks don’t get tired,” he notes, highlighting that defenses must also evolve to operate at machine speed. This urgency is echoed in the startup community, where many companies underestimate the importance of fundamental security practices. Garkel asserts that breaches frequently occur due to overlooked basics like weak configurations, poor access control, and unpatched systems. “Security should be part of how systems are designed from the beginning,” he stresses, advising against the common practice of attempting to add security measures after the fact.
The conversation shifts towards the concept of a security perimeter in a cloud-first, API-driven world. Garkel indicates that this perimeter has significantly expanded, now encompassing endpoints, APIs, vendors, partners, and customers. “Many breaches today don’t happen inside the core system but through third-party integrations,” he explains, warning startups to thoroughly understand their third-party risks to grasp their overall security posture.
As digital trust becomes increasingly critical, especially amidst concerns regarding deepfakes and synthetic identities, Garkel highlights that digital trust means users must believe their identity, data, and transactions are secure. “It’s about confidentiality, integrity, privacy, and transparency,” he states, adding that trust is built through secure authentication systems that consistently protect user data. A breach of this trust can lead to hesitance among users to engage with digital platforms.
In light of India’s Digital Personal Data Protection Act (DPDP), Garkel advises startups to take a systematic approach. “The first step is understanding what personal data you collect, where it is stored, and how it moves through your systems,” he explains. Many organizations lack awareness of their data flows, often allowing data to transition from paper to digital without adequate controls. Compliance becomes much easier when privacy and consent mechanisms are designed early in the development process.
Garkel emphasizes that both consumer-facing and direct-to-consumer (D2C) startups face similar cybersecurity responsibilities, regardless of size. “If you collect personal data, you are accountable for protecting it,” he warns, pointing out that even small businesses are at risk if their customer data is compromised. This accountability extends to the security of AI models and training data, where Garkel raises concerns about the ethical use of sensitive data without proper consent, which could lead to legal ramifications under data protection laws.
Addressing the prevalent hype around AI, he cautions that careless data usage poses significant risks: under DPDP, penalties can reach up to ₹250 crore. AI should not be regarded as merely a marketing tool. Investors are encouraged to assess whether startups comprehend the implications of compliance and long-term governance in their AI initiatives.
Looking to the future, Garkel sees the necessity for a balanced approach between automation and human oversight in cybersecurity. “Automation is necessary for speed and scale, but humans are still needed for context and decision-making,” he argues. The goal should be to enhance human roles to focus on strategic initiatives rather than repetitive monitoring tasks.
As leaders increasingly leverage AI tools like Copilot or Gemini, Garkel stresses the importance of discipline and caution. “Don’t overshare sensitive information,” he advises, urging leaders to remain vigilant about where their data is stored and how it is utilized. Ultimately, the challenge for startups lies in integrating robust cybersecurity measures into their foundational practices to build lasting digital trust with their users.