Trend Micro’s Tickoo on how Indian enterprises can turn employees into cyber defence assets

Human error has long been blamed for the bulk of cyber incidents, but Indian enterprises are beginning to rewrite that narrative—turning employees from security risks into active defenders as cyber threats grow more sophisticated and AI-driven. In a recent conversation with TechCircle, Sharda Tickoo, Country Manager for India & SAARC at security firm Trend Micro, said the persistence of human-led breaches is less about negligence and more about lack of enablement.

“Organisations are realising that employees are not the problem—they are an untapped defence layer,” she said. Companies that have invested in structured cybersecurity awareness programmes, backed by regular phishing simulations, are already seeing lower susceptibility rates and higher levels of threat reporting.

The shift is particularly visible in large Indian enterprises and financial institutions, where frontline employees are increasingly being trained to recognise modern cyber threats and act as the first line of defence. Tickoo pointed to Trend Micro’s cybersecurity awareness initiatives in India, which focus on behavioural change rather than compliance-driven training. These programmes use microlearning, interactive modules and regional language content, including Hindi, to reach diverse workforces. During Cybersecurity Awareness Month in October, the company conducted hands-on drills with frontline banking staff—an approach she said strengthens cyber vigilance at the grassroots level of India’s financial ecosystem.

Culture, not compliance

As cyberattacks evolve through AI, social engineering and deepfakes, organisations are being forced to rethink not just technology, but culture. Tickoo stressed that cyber resilience cannot be built through annual training alone. “Security has to become everyone’s responsibility, not just the IT team’s,” she said, adding that organisations must create environments where employees feel safe reporting mistakes quickly. Speed of response, she noted, matters more than assigning blame.

Leading organisations are embedding security discussions into everyday business processes and tailoring awareness by role. Finance teams are trained to detect business email compromise scams, HR teams focus on safeguarding sensitive employee data, while developers are encouraged to integrate security across the software development lifecycle. Continuous, adaptive learning is increasingly replacing one-size-fits-all compliance programmes.

AI augments the human firewall

Hybrid work and cloud adoption have further blurred the traditional security perimeter, with employees accessing applications across locations and devices. In response, CISOs are being pushed to operationalise “security as a shared responsibility”. Tickoo said Trend Micro is helping enterprises adopt Zero Trust frameworks, where every access request—human or machine—is verified. Its Trend Vision One platform offers unified visibility across endpoints, cloud infrastructure, email, networks and identities, translating technical risk into business impact that leadership teams can act on.

Technology, she added, is also augmenting human decision-making. AI-generated phishing emails and deepfake voice or video scams are now capable of mimicking senior executives with alarming accuracy. Trend Micro uses machine learning models trained on global threat intelligence to detect subtle behavioural and contextual anomalies in real time. Its Deepfake Inspector analyses signals beyond content alone, while its AI assistant helps security teams cut investigation time by more than half by explaining alerts in plain language and guiding threat-hunting efforts.

The human-centric approach is also gaining traction among India’s SMEs and startups, many of which lack large security budgets. Tickoo said smaller firms can build resilience by focusing on fundamentals such as password hygiene, multi-factor authentication, regular updates and basic phishing awareness. “You don’t need enterprise-scale budgets to reduce human risk,” she said.

With India emerging as a global hub for IT services and shared operations, multinational companies are increasingly using their Indian workforce to set global benchmarks in security awareness and incident readiness. Looking ahead, Tickoo believes cybersecurity will be shaped by closer collaboration between humans and machines, positioning security as a business enabler rather than a defensive afterthought.