More than 500 delegates from India and abroad gathered in Goa this week for SAMVAAD 2026, the annual conference of CERT-In empanelled auditing organisations, in what amounted to one of the country’s most concentrated discussions on the future of cybersecurity audits and cyber resilience.
Held from April 27 to April 29, 2026, at the BITS Pilani K. K. Birla Goa Campus, the three-day conference brought together a visible leadership core that shaped both its tone and purpose: Hon’ble Chief Minister Dr. Pramod Sawant, Dr. Sanjay Bahl, Director General of CERT-In, Ashutosh Bahuguna, Scientist ‘E’ and Team Lead Assurance, and Dr. Nirupam Mehrotra, Director, Bankers Institute of Rural Development (BIRD), Lucknow, the training arm of NABARD. Their presence signaled that the gathering was not simply a technical event for auditors, but a broader institutional exercise in thinking through India’s cyber preparedness, capacity building and digital governance.
In his inaugural remarks, Pramod Sawant said Goa, long identified with tourism, was now emerging as a hub for cybersecurity as well. Delegates, he said, had come not merely for the state’s scenery but for serious discussions on securing India’s digital future. He also stressed that secure digital systems would be central to the broader vision of Digital India, especially as technologies such as artificial intelligence begin to reshape sectors like banking and healthcare.
The setting mattered. What might once have been treated as a technical gathering of auditors now appeared to carry wider national significance. Cybersecurity audits are increasingly no longer seen as compliance rituals conducted after the fact. They are being repositioned as a first line of institutional defence.
Under Dr. Sanjay Bahl, CERT-In Pushes Audits to the Center of Cyber Resilience
If the conference carried the feel of a technical summit, it also reflected a strategic shift within CERT-In itself.
Under the leadership of Dr. Sanjay Bahl, the agency has been steadily broadening its role beyond reactive incident advisories and emergency response into questions of long-term preparedness, systemic resilience and audit quality. SAMVAAD 2026 was a visible expression of that larger direction. The event did not confine itself to abstract concerns about cyber threats. It focused on how India’s audit ecosystem could upgrade its own methods to match the complexity of modern digital infrastructure.
That ambition took practical form in the launch of AMBAK, short for Audit Monitoring, Benchmarking, Analysis and Kinetic Interventions, a blockchain-enabled cybersecurity audit platform intended to bring greater structure, comparability and accountability to audit processes. Progress reports by working groups in emerging domains were also released during the conference, reinforcing the sense that this was not simply a forum for speeches but a venue for institutional tools and frameworks.
The programme reflected scale as well as intent. Organisers said more than 87 presentations were selected from over 200 submissions, spread across management and technical tracks. The topics ranged widely: cyber risks linked to frontier AI models, automated audits, IoT security, blockchain, post-quantum cryptography, SBOM, CBOM, OBOM and HBOM implementation, supply-chain audits, and the auditing of complex environments such as cloud systems, APIs and operational technology.
That spread of subjects suggested that the challenge facing India’s cyber institutions is no longer merely the number of threats, but their diversity. The audit profession is being asked to keep pace with an ecosystem in which vulnerabilities are increasingly distributed across code, supply chains, infrastructure, AI systems and connected devices.
Capacity Building Emerges as a Parallel National Priority
The conference also made clear that India’s cyber strategy is increasingly tied to training, not only regulation.
A notable development at SAMVAAD 2026 was the introduction of an advanced cybersecurity certification course for Rural Financial Institutions, launched by CERT-In in collaboration with BIRD, Lucknow, the training arm of NABARD. That initiative reflected the recognition that cyber preparedness can no longer remain concentrated in large metropolitan institutions or elite sectors alone.
The move carried a broader message. If cyber resilience is to be national in scope, it must extend to financial institutions beyond the urban core, including those operating closer to the grassroots where digital adoption is accelerating but institutional security maturity often remains uneven.
The same emphasis on capacity building was evident throughout the event’s technical and assurance-oriented discussions. In practical terms, the conference suggested that India’s cybersecurity future may depend as much on who is trained, certified and prepared as on which technologies are deployed.
This was perhaps one of SAMVAAD’s quietest but most consequential arguments: that resilience is not a software setting. It is a capacity that has to be built across institutions, sectors and people.
A Conference About Audits, but Also About the Shape of India’s Digital Future
What emerged over the three days was not simply a discussion about audits in the narrow sense. It was a debate about how India wants to govern digital complexity.
Participants examined topics as varied as the cybersecurity of space assets such as UAVs and satellites, AI-driven red-teaming methodologies, strategic risk management, process automation, resilience testing and audit frameworks for interconnected systems. Panel discussions and technical sessions pointed repeatedly to a shared conclusion: the traditional distinction between audit and defence is growing thinner. In modern digital environments, a weak audit regime is not just an administrative deficiency. It is a security vulnerability.
That is why SAMVAAD 2026 appeared significant beyond the conference hall. It captured a moment in which India’s cyber institutions are trying to move from fragmented defensive action toward something more structured and anticipatory.
The result was a summit that did more than discuss cybersecurity. It treated cybersecurity audits as a way of imagining how India’s digital state, economy and infrastructure might hold together under pressure.
