Beyond Infrastructure: Why Cybersecurity Is Now a Board-Level Imperative in the Age of AI

Singapore, April 13, 2026 — In an environment where AI adoption is accelerating at a striking pace, the role of technology leadership is undergoing a structural shift. Across Asia Pacific, cybersecurity is no longer positioned as a technical safeguard beneath operations. It is increasingly tied to how organisations establish trust, manage risk, and sustain long-term growth.

In our recent conversation with Sanjay Yadave, Vice President and Managing Director for Greater Asia at Zscaler, the discussion moved beyond tools and systems. It focuses on how organisations rethink architecture, governance, and decision-making in response to changing patterns of risk and digital activity.

Trust Before Transformation

Sanjay’s leadership perspective is shaped by extensive experience across markets with differing regulatory and cultural environments. Early in his career, he recognised that applying global best practices without adaptation often created friction rather than progress. Reflecting on this, he noted that “progress depends on respecting local regulatory frameworks, political sensitivities, and cultural context.” 

This realisation reframed how transformation should be approached. Rather than beginning with technology, the process starts with understanding business priorities. Sanjay explained that it is critical to “understand their key business objectives” and then work backwards to challenge assumptions and design solutions that are relevant and sustainable. 

Over time, this has shaped a leadership style grounded in context and discipline. As he puts it, “challenging the status quo only works when it is anchored in respect, patience, and consistency.” 

From Customer Responsiveness to Long-Term Stewardship

A defining inflection point came during the early phase of enterprise cloud adoption, when organisations were navigating uncertainty without established frameworks. Sanjay described this period candidly, noting that “we were writing the playbook as we went.” 

In that environment, customer engagement shifted from transactional responsiveness to long-term partnership. Organisations began aligning more closely with regulators, co-designing architectures, and being transparent about trade-offs rather than pushing for speed alone.

This experience reshaped his definition of customer centricity. It became less about reacting quickly and more about building sustainable relationships. As he explained, “customer centricity to me means meeting customers where they are and growing with them, not running ahead of them.” 

The Structural Shift Driven by AI and Distributed Work

The rise of Enterprise AI, SaaS, and distributed operations has introduced a fundamental shift in how digital environments function. According to him, “encrypted AI traffic is continuous, high-volume, and computationally intensive,” placing demands on infrastructure that legacy systems were never designed to handle. 

At the same time, distributed work has expanded the attack surface significantly. A single failure point can cascade across systems, affecting entire organisations. This requires a different architectural mindset, one that assumes breaches may occur and focuses on containment.

The implications extend beyond performance. They influence how organisations think about resilience, latency, and inspection capabilities, making traditional security models increasingly misaligned with modern operations.

The Hidden Risk in Hybrid Environments

Many organisations today operate hybrid environments where legacy systems coexist with modern cloud infrastructure. While this may appear to offer flexibility, it introduces a structural vulnerability.

Sanjay highlighted that traditional VPN architectures extend network access in ways that expose entire systems. Once compromised, attackers are able to move laterally without restriction. This is particularly dangerous in environments where cloud workloads are secured, but legacy access layers remain exposed.

He pointed out that this creates a misleading sense of security. Organisations may believe they are protected because they have modernised parts of their infrastructure, without recognising that “security is only as strong as its weakest access point.” 

Data Sovereignty as a Strategic Consideration

Data sovereignty has become a central issue for organisations operating across Asia, particularly in markets with evolving regulatory frameworks. Sanjay emphasised that sovereignty is no longer limited to data storage. It also includes how data is processed, controlled, and accessed.

In Malaysia, this is reinforced by frameworks such as the Cyber Security Act 2024 and sector-specific regulations like Bank Negara Malaysia’s Risk Management in Technology (RMiT), which elevate data governance to a board-level concern. As he explained, “sovereignty is not just about where data is stored; it also encompasses how data is processed, logged, and who can access it.” 

Local infrastructure plays a critical role in enabling this level of control. It allows organisations to align with regulatory expectations while maintaining performance, and it strengthens trust with stakeholders by ensuring transparency in how data is handled.

Cybersecurity as a Driver of Economic Confidence

Cybersecurity is increasingly influencing how markets are evaluated by investors and global businesses. It has moved beyond its traditional role and now serves as an indicator of a country’s readiness for digital growth. He noted that “cybersecurity has moved well beyond technical safeguard, it has become a precondition for capital attraction and sovereign credibility.” 

This shift has brought discussions around resilience, compliance, and latency into the boardroom. These are now part of investment due diligence rather than operational considerations addressed after deployment.

For countries such as Malaysia, this introduces clear priorities. Developing cybersecurity talent, ensuring regulatory frameworks keep pace with technological change, and building robust security infrastructure are all essential to sustaining momentum as a regional digital hub.

Zero Trust as a Foundation for Modern Systems

As traditional security models become less effective, zero trust architecture has emerged as a critical foundation for modern systems. This is particularly relevant in environments where hybrid infrastructure, cloud applications, and distributed workforces intersect.

Sanjay explained that “the foundational assumption of traditional security has collapsed,” making it necessary to remove implicit trust entirely and replace it with continuous verification.  However, adoption is not without challenges. Many organisations struggle with the scale of transformation required. According to a recent study, 90% of enterprises are actively adopting zero trust, yet many cite the complexity of implementation as a key barrier.

He emphasised that success requires a phased approach. Organisations should start with specific problems, demonstrate value, and expand gradually. Importantly, zero trust should be treated as a business transformation rather than a standalone IT initiative.

Measuring Security by Its Ability to Enable Growth

At its core, the intersection of cloud, AI, and cybersecurity requires a shift in how organisations define success. Security is no longer measured solely by the absence of breaches. It is evaluated by its ability to support growth and innovation.

Sanjay summarised this with a guiding principle: “never trust, always verify.” 

As organisations expand their use of AI and digital platforms, the attack surface continues to grow. This makes continuous verification essential. More importantly, it positions cybersecurity as an enabler rather than a constraint. Organisations that embed security into their architecture from the outset are better equipped to scale confidently, meet regulatory expectations, and build lasting trust with stakeholders.

A Continuing Conversation with Leadership

For finance and technology leaders across Asia Pacific, the implications are clear. The convergence of AI, cloud, and cybersecurity is shaping how organisations operate and compete. To follow Sanjay Yadave’s perspectives on cybersecurity, digital infrastructure, and enterprise transformation, connect with him on LinkedIn.