Here’s what Simarpreet Singh of Upwind thinks is the biggest gap for Indian enterprises today

Indian enterprises are confronting a new class of cybersecurity risks, many of which stem less from sophisticated attackers and more from their own blind spots. As companies accelerate digital transformation and cloud adoption, a fundamental vulnerability is emerging which they often don’t fully know what they need to protect.

“The biggest gap is visibility,” said Simarpreet Singh, Country Manager, India & SAARC at Upwind, a runtime-first cloud security company headquartered in California, adding that enterprises today have massive infrastructure, but lack clarity on what is running where. If you don’t have that visibility, you can’t protect it.”

This challenge has been amplified by the rapid shift to cloud. While adoption in India picked up meaningfully during the pandemic in 2020 when companies rushed to ensure remote access and business continuity, it often happened without adequate governance, which resulted in ballooning cloud bills, fragmented systems, and limited control over identities and access. Increasingly, enterprises are now reassessing their approach, with hybrid models gaining traction as they try to balance scalability with control.

MUST READ: BT Explainer: OpenAI’s GPT-5.5 brings autonomy into focus, takes on Anthropic's Mythos

At the same time, the threat landscape itself is evolving. Supply chain attacks, vulnerabilities in open-source ecosystems, and breaches targeting critical infrastructure such as healthcare are on the rise. The entry of AI into this mix is compounding risks. Tools powered by large language models are lowering the barrier for attackers, enabling them to identify vulnerabilities and execute attacks faster and at scale. “What once took time—understanding systems, escalating access — can now be significantly compressed,” Singh noted.

Upwind entered India in March this year following a $250 million fundraise led by Bessemer Venture Partners. For Singh, the immediate priority is to scale the company’s presence in a market where cybersecurity maturity remains uneven but is evolving rapidly.

MUST READ: AI Governance Gap: 30% of firms face security incidents despite awareness, study finds

Large, regulated sectors such as banking and telecom are being pushed by regulators to strengthen controls. But in many mid-sized and unregulated enterprises, security is still treated as a secondary priority, often addressed only after a breach.

That mindset, however, is beginning to shift. Cybersecurity is gradually moving from being seen as a cost centre to a business enabler, explains Singh. Beyond preventing losses, it is increasingly linked to brand trust, customer retention, and long-term value creation.

With India’s digital economy expanding rapidly, the gap between cybersecurity adoption and preparedness is becoming harder to ignore. For enterprises, the next phase of growth will depend not just on how fast they scale technology, but how securely and safely they do so.