As enterprises across the Asia Pacific accelerate digital transformation, cybersecurity teams are facing a faster and more complex threat environment. AI is now being used on both sides of the equation, helping defenders automate detection and response while also giving attackers new ways to scale phishing, impersonation, credential theft, deepfakes, and social engineering.

This shift is placing more pressure on Security Operations Centers, operational technology environments, and enterprise governance. For organizations in highly digitized markets such as Singapore, cyber resilience is increasingly tied to business continuity, critical infrastructure protection, regulatory expectations, and trust.

In this TNGlobal Q&A, Vaibhav Dutta, Vice President and Global Head, Cybersecurity Products & Services at Tata Communications, discusses how organizations can move from reactive cybersecurity toward predictive security. Drawing on more than two decades of experience across cybersecurity products, managed security services, threat management, identity management, and OT security, Dutta also shares his views on SOC modernization, AI-driven cyber defense, and why employees, governance, and board-level communication remain central to enterprise resilience.

In your previous byline, you discussed the role of AI in automating threat detection. How is this capability now shaping the shift toward predictive security, and what would it take for organizations to modernize the Security Operations Center from a reactive cost center into a more strategic function?

Vaibhav Dutta, Vice President and Global Head, Cybersecurity Products & Services at Tata Communications

Cybersecurity is shifting from a reactive model to a predictive one as AI becomes increasingly embedded into security operations. Attackers are already using AI to scale phishing, impersonation, and credential theft, which means organizations can no longer rely on manual or rule-based approaches alone.

This is accelerating the evolution of the Security Operations Center (SOC). Modern SOCs are moving beyond alert monitoring toward AI-driven operations that can automatically triage threats, correlate signals across cloud, network, and endpoint environments, and recommend response actions in real time. At Tata Communications, we are seeing how GenAI-powered SOC capabilities can significantly reduce analyst fatigue and improve response times, allowing teams to focus on higher-value decision-making.

However, modernizing the SOC is not simply about deploying more tools. Many organizations still struggle with siloed systems, fragmented visibility, and overwhelming alert volumes. The priority should be building a unified security architecture that combines automation, real-time threat intelligence, and continuous visibility across the enterprise.

As threats become faster and more sophisticated, the SOC is evolving from a reactive cost centre into a strategic resilience function that supports business continuity, trust, and long-term growth. This shift is particularly relevant in APAC markets like Singapore, where highly digitized economies and critical infrastructure sectors depend on always-on digital services. In fact, the Cyber Security Agency of Singapore (CSA) has been actively engaging Critical Information Infrastructure (CII) leaders to reassess and strengthen their cyber risk posture in light of rising AI-enabled threats, underscoring how quickly the risk landscape is evolving.

As IT and legacy operational systems become more connected, why does Operational Technology security still tend to receive less attention than enterprise IT security? How are AI-enabled threats changing the risk profile for OT environments?

As IT and operational technology (OT) environments become increasingly connected, many organizations are discovering that OT security has not evolved at the same pace as enterprise IT security. Historically, OT systems were designed primarily for safety, reliability, and uptime rather than cybersecurity. Many industrial environments still rely on legacy infrastructure that was never built for today’s connected threat landscape.

At the same time, the convergence of IT and OT is expanding the attack surface. Systems that were once isolated are now connected to cloud platforms, remote operations, and third-party networks, creating new pathways for cyberattacks to disrupt physical operations.

In sectors like manufacturing and energy, legacy operational technology environments are now being replaced by intelligent devices, automation systems, and AI tools that generate real-time insights. As OT systems connect more deeply with enterprise IT networks, they gain efficiency and visibility, but also introduce greater complexity and new pathways for cyberattacks that can disrupt physical operations.

In this context, extending SASE principles to the edge is increasingly important, allowing organisations to apply consistent security and network policies across both IT and OT environments without compromising performance.

To manage this evolving risk, organizations need end-to-end visibility, continuous monitoring, identity-based access, and real-time threat detection. Security can no longer sit as a separate IT function — it must be embedded into operational resilience across both digital and physical environments.

You previously emphasized that cybersecurity is also a human challenge. How can organizations move beyond basic compliance training and build a security-first culture where employees become part of the company’s day-to-day defense?

A strong cybersecurity posture is not built by technology alone — it depends on people. Even as organizations invest in advanced tools, many incidents still originate from human actions such as phishing, credential misuse, or simple configuration errors. This is why cybersecurity is increasingly a human challenge, not just a technical one.

Moving beyond basic compliance training requires a shift from “once-a-year awareness” to continuous, context-driven learning. Instead of generic modules, employees need to understand security in the flow of their daily work — how to identify suspicious activity, why certain behaviours are risky, and what role they play in protecting data and systems.

Just as importantly, organizations need to reduce friction. If security processes are overly complex, employees will often find workarounds. Embedding security into identity systems, access controls, and collaboration tools helps make the secure choice the easiest one.

A security-first culture is ultimately built when employees see themselves as active participants in defense, not passive recipients of training. That means reinforcing accountability, encouraging reporting without blame, and ensuring leadership consistently models secure behaviours. Over time, this turns cybersecurity from a compliance requirement into a shared responsibility that strengthens operational resilience across the organization.

When CISOs and technology teams make the case for predictive security, SOC modernization, and OT security investments, how should they communicate value to boards and non-technical stakeholders?

When CISOs make the case for predictive security, SOC modernisation, or OT security investments, the message needs to move beyond technical upgrades and focus on business outcomes. Boards are not evaluating tools — they are evaluating risk, resilience, and continuity.

The most effective way to communicate value is to translate cybersecurity into operational and financial impact. For example, instead of focusing on threat volumes or system capabilities, leaders should highlight what modernisation prevents and enables — reduced downtime, faster detection and response, lower breach impact, and greater confidence in digital operations across cloud, OT, and hybrid environments.

Ultimately, boards respond to clarity and comparability. CISOs who succeed are those who connect cybersecurity to enterprise resilience — showing how security investments reduce uncertainty, protect revenue-generating systems, and enable the organisation to scale digital transformation with confidence. In APAC markets such as Singapore, where regulatory expectations from bodies like CSA and Personal Data Protection Commission (PDPA) are evolving quickly, this alignment between compliance, resilience, and business continuity is becoming even more central to board-level discussions.

As attackers increasingly use advanced AI capabilities, how do you see the balance evolving between AI-driven security systems, human judgment, governance, and organizational culture?

As attackers weaponize agentic AI and deepfakes to launch near-invisible attacks, we are facing an unprecedented crisis of trust within the enterprise. While organizations must aggressively deploy AI-driven security systems to combat these threats at machine speed, technology alone cannot close this trust gap.

In this environment, explainability and human oversight become absolutely non-negotiable; we must deploy auditable AI with strict human checkpoints, model audit trails, and bias testing to ensure transparency, accountability, and human control. Simultaneously, we are using AI to transform governance from a manual, time-consuming exercise into an automated, continuous process that enforces frameworks like Zero Trust.

Ultimately, however, the strongest defense comes from a resilient organizational culture that acts as the ultimate firewall. We must move beyond basic compliance training and utilize AI-driven scenario testing to train our employees to think like adversaries, ensuring human judgment remains the critical anchor of our security posture. Across APAC, where deepfake-driven scams and social engineering attacks have risen sharply, this human layer of defence is becoming as critical as technical controls. This is further amplified in the region, where Forrester notes that Asia Pacific has been more heavily impacted by deepfakes than the US and Europe, driven by rapid digital adoption and high digital economy penetration.
