As manufacturing embraces Industry 4.0, cybersecurity is as critical as efficiency. In an exclusive interaction with DH, Vijay Balakrishnan, Chief Digital and Information Officer, Godrej Enterprises Group, explains how the company secures factories, supply chains, and people against evolving threats.

Cybersecurity in manufacturing is often about protecting not just data but also production lines. How is Godrej Enterprises Group approaching security for operational technology systems that run factories?

Cybersecurity is a board-level priority at Godrej, with regular reviews and investments aligned to our long-term digital strategy. We ensure cross-functional collaboration between IT, manufacturing, and leadership teams to drive alignment and accountability across the organisation.

We have implemented a holistic cybersecurity programme that addresses both current and emerging cyber risks. This programme extends to our Operational Technology (OT) system, critical components that have powered our manufacturing for decades.

Unlike IT systems, OT environments prioritise availability over confidentiality. These systems often operate in the background, invisible to most users, but they are the backbone of our production infrastructure. 

With the rise of Industry 4.0, connected machines, IoT sensors, and smart factories — the attack surface is expanding. What are the biggest vulnerabilities you see in manufacturing today?

One of the biggest challenges in manufacturing today is that OT systems were never designed with cybersecurity in mind. Many of these machines run on outdated operating systems, because unlike IT systems, they don’t go through regular refresh cycles. Some of them have been running for decades. On top of that, OEMs often need remote access for maintenance, which opens the door to significant risks. And when you talk about upgrading OT controllers or systems, the costs are high—it usually requires OEM support and heavy investment.

Now, as factories are becoming smarter, IT and OT networks are converging. That convergence has only increased the attack surface, making OT security a top priority for us at Godrej. To manage these risks, we follow the Purdue Enterprise Reference Architecture, which is a foundational framework for securing industrial control systems. We are also exploring AI-driven threat detection and predictive maintenance, so we can anticipate issues before they hit us.

Ransomware and supply-chain attacks are becoming more common globally. How do you guard your supply chain?

We’ve built a structured third-party risk management process. Vendors go through detailed security assessments so we know exactly where they stand. Identity and access governance is tight—we control not just the technology, but the people and processes around it. Before any third-party system is integrated, we mandate vulnerability assessments and penetration tests. And finally, we make sure our legal contracts are watertight, with explicit cybersecurity clauses built in.

The way we see it, resilience comes from being both practical in the present and prepared for the future. That’s the philosophy driving our OT and supply-chain security.

Many employees on the shop floor may not be trained in digital practices. How do you build a culture of cybersecurity awareness across such a diverse workforce?

We believe that building a cyber-aware culture is essential for long-term resilience, so we’ve invested in multiple initiatives to make sure the message reaches everyone, from the factory floor to senior management.

Each year, we conduct more than 30 in-person training sessions that reach around 2,500 users across our manufacturing facilities. Alongside these, we share regular emailers on cybersecurity, privacy, and OT-specific threats, ensuring that employees are consistently reminded of the risks in simple, accessible language.

We host expert-led talks and mandatory simulation-based e-learning, reinforced with regular phishing drills. To keep employees engaged, we’ve gamified the training, which boosts participation and retention.

Regulation is tightening in India with the DPDP Act and global frameworks like NIS2. How do you balance compliance with the need for speed and innovation in manufacturing?

Our focus is not just on meeting the letter of the law, but also on embedding respect for privacy rights and protecting the personal data of customers, employees, children, and other stakeholders. Even though the final rules are still being defined, we already have a structured roadmap in place, which includes gap analysis and readiness planning.

At the corporate level, we’re keeping a close eye on regulatory developments, both in India and globally, and engaging actively with industry privacy forums. This helps us stay ahead of compliance requirements while continuing to innovate in manufacturing.