From 29 million neutralised cyber threats to AI systems making decisions faster than boards can deliberate — the Directors’ Dialogue 2026 laid bare the new frontline of corporate governance, and why India’s directors can no longer afford to be bystanders.
Cybersecurity, AI Governance, Cyber Resilience, Board Technology, DPDP Act, Digital Trust, SEBI, RBI, IOD 2026, Director Liability
There is a phrase making its way through India’s boardrooms that signals a shift in how governance is understood: “Are we governing AI, or has AI quietly begun governing us?” It was posed at the Directors’ Dialogue 2026 — the Institute of Directors’ Western Region Conclave —as a honest reckoning.
The answer, the conclave suggested, was a deeply pragmatic one. AI was already in the boardroom and, shaping decisions, influencing outcomes, while operating at a speed that outpaced board oversight. The correct question was whether boards are equipped to respond.
The Cyber Threat: From IT Issue to Balance-Sheet Exposure
Dr Sameer Patil of the Observer Research Foundation opened the cyber resilience session with statistics that sharpened the stakes. India’s CERT-In neutralised 29 million threats in the previous year alone. The average cost of a data breach has reached $2.2 million. CEO fraud, digital arrest scams, and attacks timed deliberately for Friday market closings are no longer hypotheticals — they are current board-level realities. The key mindset shift required, he argued, is from prevention to resilience: the question is no longer whether an attack will occur, but how swiftly the organisation recovers and how well it contains the damage.
“Boards must own an AI strategy, understand cyber ratings with the same confidence they bring to credit ratings, and treat resilience as a competitive advantage — one that attracts sophisticated investors and secures better insurance terms.” — Dr Sameer Patil, Director, Centre for Security, Strategy and Technology, Observer Research Foundation
The regulatory environment is moving in lockstep.
Nimitt Jhaveri of Bitscore Cybertech LLP made clear that mandates from SEBI, RBI, and IRDAI are unambiguous: ownership and liability for cybersecurity now sit squarely with the board of directors. Cyber risk ratings — rigorous, outside-in assessments of organisational vulnerability — are already being integrated into credit scoring models, signalling that cyber resilience has become a factor in financial credibility. Just as no board would govern without understanding its credit rating, no board should govern without understanding its cyber risk posture.
Directors at the AI Crossroads
The ‘Directors at the AI Crossroads’ session addressed an even deeper challenge: not just whether boards can defend against AI-enabled threats, but whether they can govern the AI systems their own organisations are deploying.
Dharmarajan Subrahmanian of Impactsure Technologies framed it starkly: the defining crisis is not merely a governance gap, but an understanding gap. AI is not waiting in the wings; it is already shaping decisions at speeds that outpace board deliberation.
In the healthcare sector, this accountability paradox is particularly acute. Ashish Das of Garfield Health Securities (a Kaiser Permanente subsidiary) noted that AI has arrived in clinical contexts where the consequences of error are irreversible. When something goes wrong behind an algorithm, the clinician nearest the decision is questioned first — but the board and institution are ultimately held responsible. “You must know precisely where you are applying AI,” he said, “and govern your processes and controls around it with absolute clarity.”
A fully compliant organisation can still be devastated. What defines us is not whether we are attacked, but how swiftly and completely we recover. – Bhalchandra Bapat, Country Head – India, ExigoTech
But the conclave did not end on alarm. Shourya K Chakravarty, CHRO at Aptech Limited, offered a note of measured optimism: AI creates the fungibility of people — enabling upskilling, redeployment, and human reinvention rather than redundancy. AI may automate workflows with breathtaking efficiency, but it cannot replicate judgment, conscience, or wisdom. The choice of what to do with what AI surfaces remains an irreducibly human responsibility.
The panel’s collective verdict was unambiguous: understanding AI is no longer a competitive advantage for directors. It is the price of admission. Sunmesh Joshi of the Department of Telecommunications reinforced the point from a regulatory perspective — compliance with evolving frameworks such as the DPDP Act is not optional, but foundational. Technology and governance must reinforce each other.
The Institute of Directors is responding to this moment by building the professional development infrastructure that directors need. Through its conclaves, certification programmes, and peer networks, the IOD is ensuring that India’s board community has the language, the frameworks, and the courage to govern in a world where the greatest risks are often invisible — until they are not.
Disclaimer: This article is based on the Cyber Resilience and AI Crossroads sessions from the IOD Western Region Conclave 2026. The Institute of Directors is India’s leading organisation for director development and corporate governance excellence.
