India's premier financial-sector security gathering returned for its eighth edition at The Westin, Powai Lake – two days hosted by the Data Security Council of India on how cybersecurity has become a strategic enabler of trust and resilience across an increasingly interconnected, data-rich BFSI landscape. SecComply was in the room.

As digital financial ecosystems expand, FinSec 2026 made the case that the future of financial services will be defined not just by technological sophistication, but by the ability to securely scale and protect interconnected, data-rich platforms. Across two days, banks, neo-banks, insurers, securities firms, and fintechs worked through what that actually demands – from privacy operationalisation to quantum readiness.
FinSec is one of the few Indian events where the BFSI security conversation is allowed to get specific – less keynote theatre, more operational reality. Four observations from the two days at Powai.
A year into DPDP, the BFSI conversation has moved from "what does the law require" to "how do we run it across hundreds of systems and vendors." Consent infrastructure, data inventories, and breach-notification readiness dominated the privacy track.
With financial platforms now stitched together from dozens of fintech and SaaS partners, supply-chain and third-party risk was treated as a board-level concern – not a procurement checkbox. TPRM maturity was a recurring theme.
Intelligence-driven SecOps, financial fraud defence, and ransomware readiness-and-recovery were discussed with the candour of teams who have actually had to respond – recovery time objectives, tabletop discipline, and the cost of getting it wrong.
Quantum in finance and AI/agentic-AI security were no longer the speculative closing panels. They sat alongside RegTech and compliance automation as things BFSI security leaders are actively planning for, not just watching.
A few moments from two days at The Westin, Powai Lake – the partner showcase, the venue, and the conversations between sessions.

Six themes ran through the FinSec 2026 agenda and the hallway conversations. These are the threads we believe will define BFSI security through the rest of the year.
Turning DPDP from policy into running infrastructure across BFSI – consent, purpose limitation, data inventories, and the audit trail to prove it.
Managing the security of dozens of fintech and SaaS partners stitched into a single financial platform – and the TPRM maturity it demands.
Intelligence-driven SecOps and fraud-defence strategies for an environment where attackers move at the speed of real-time payments.
The post-quantum migration timeline and the cryptographic inventory financial institutions with long data-retention obligations need to start now.
Securing AI as it moves from analytics to autonomous action in finance – model risk, explainability, and accountability at scale.
Continuous, automated compliance and evidence collection replacing the once-a-year audit scramble across regulated financial entities.
FinSec's audience is heavily weighted toward the people running security and privacy programmes inside regulated financial institutions. Across the two days, the rooms broke down roughly like this.
Two days, several panels, dozens of conversations. The themes below are the ones we expect to come back to repeatedly in BFSI engagements through the rest of the year.
The framing across the conclave was unambiguous – in financial services, security is no longer a cost of doing business but the foundation of customer trust and the licence to scale. Boards are starting to treat it that way.
DPDP has moved privacy out of the legal team and into operations. The institutions ahead of the curve are running consent, data mapping, and breach readiness as continuous processes, cross-mapped to global frameworks.
As financial platforms become ecosystems of partners, third-party risk is the fastest-growing exposure. Mature TPRM – continuous, evidence-based, not annual – is becoming table stakes.
Post-quantum cryptography and AI security have crossed from "interesting" to "on the roadmap." For institutions with long retention obligations, the inventory and migration work starts now, not later.