
On July 9, EY India launched Cyber Performance Management (CPM), which it describes as the first integrated cyber platform developed by a professional services firm. As Artificial Intelligence (AI) transforms the cybersecurity landscape, professional services firms are increasingly moving beyond advisory into proprietary technology. But does launching an in-house cybersecurity platform put EY in direct competition with established cybersecurity vendors?
Murli Rao, Partner and Cyber Leader at EY India, believes it does not, at least not in the traditional sense.
Responding to a question from Business Today on whether EY's newly launched Cyber Performance Management (CPM) platform would create competition with larger cybersecurity firms, Rao argued that customer priorities have fundamentally changed. Enterprises, he said, are under pressure to reduce costs while dealing with a rapidly evolving threat landscape, making integrated, intelligence-led platforms more valuable than fragmented point solutions.
"We decided around two years back that we will change our DNA from a people-based economics to an intellectual property-based economics," Rao said. "Nobody can compete with us across the spectrum. They can compete in silos."
On July 9, EY India launched Cyber Performance Management (CPM), which it describes as the first integrated cyber platform developed by a professional services firm. The platform combines AI and cybersecurity capabilities to help enterprises identify exploitable vulnerabilities, map attack paths across systems, quantify business risk and translate cyber exposure into financial impact.
According to EY, CPM integrates with more than 50 security tools while allowing organisations to retain data sovereignty and operational control.
The launch comes at a time when AI is fundamentally altering how cyberattacks are carried out. Rao argued that AI has eliminated many of the traditional barriers to launching sophisticated attacks.
"Anybody can launch an attack today. You don't need specialised skills anymore," he said, adding that advances in AI have drastically reduced the time, effort, cost and expertise required to compromise enterprise systems.
This changing threat landscape, he said, requires organisations to rethink how they prioritise cyber risks. Rather than patching every vulnerability individually, CPM he said is designed to identify the single most effective intervention capable of breaking an entire attack chain, an approach Rao called "breaking the patch cycle."
Another challenge facing enterprises is the lack of visibility into their own technology estates. "You cannot defend what you don't know," Rao said, arguing that most organisations still lack a real-time inventory of their hardware, software, APIs and AI assets. Without that visibility, boards cannot accurately quantify cyber risk or determine what business assets are most exposed.
EY said it invested in AI-driven cyber capabilities over the past two-and-a-half years, setting up dedicated engineering teams focused on solving long-standing enterprise cybersecurity problems while building the CPM. Rao said the platform is already deployed across eight Indian clients spanning banking, insurance, manufacturing and pharmaceuticals.
Organisations using CPM have reported a 45-60% reduction in alert noise, 30-50% faster response times, a 50-65% improvement in analyst efficiency, and up to a 55% reduction in total cost of ownership by consolidating multiple security tools onto a single platform, according to EY.
With AI making cyberattacks faster and increasingly autonomous, Rao believes the industry's future lies in platforms that combine cyber intelligence with business decision-making. "Customers are looking for solutions here and now," he said. "That is the shift we are building for."
For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine