Q: You’ve said cybersecurity is more than just a tech issue. What’s the biggest misconception companies still have?
Sumit Aneja: Many leaders understand cybersecurity is important, but they underestimate how fragile their systems truly are, especially in small and mid-sized businesses. Too often, security is treated as a one-time software purchase rather than an ongoing discipline embedded into operations. The reality is that a single oversight, whether it is a malicious insider or an employee clicking the wrong link, can compromise an entire organization. In today’s regulated industries, cybersecurity must be foundational to governance, risk, and compliance, not an afterthought.
Q: What’s the primary failure point for most businesses when it comes to security?
Sumit Aneja: Insider threats, both malicious and unintentional, remain the single biggest vulnerability. Many SMBs invest in compliance tools like HIPAA or ISO frameworks but fail to train staff to adapt and use them effectively. Now, with AI adoption accelerating, employees are unknowingly feeding sensitive data, including PII, into AI tools and cloud platforms without safeguards. Without proper identity, access, and data protection layers, these gaps become high-value targets.
Q: How do you see the rise of AI reshaping both the threat landscape and the solutions we use?
Sumit Aneja: It is multiplying threat vectors overnight, creating risks at a scale and speed we have never seen before. Defending against these requires using AI as well, deploying machine learning-driven detection, automated remediation, and continuous monitoring. AI-driven managed detection and response will become table stakes, enabling organizations to identify vulnerabilities in near real time and close them before they are exploited. In the GRC+Security space, this means integrating AI into governance workflows, not just perimeter defense.
Q: You mentioned that human error will never be fully eradicated. Why do you believe that?
Sumit Aneja: Humans will always be unpredictable. Sometimes it is a genuine mistake. Other times, it is emotion, such as frustration, anger, or desperation, leading someone to do something they regret. And with so many people working remotely, using personal devices, and juggling multiple jobs, there are more variables than ever. You cannot eliminate the human element, but you can design systems and processes that limit the damage when it happens.
Q: How do you envision the future of cybersecurity in 10 years?
Sumit Aneja: The threats will get smarter, faster, and harder to detect. Quantum computing, for example, could make current encryption methods useless in seconds. We will build better defenses, but the attackers will evolve too. Cybersecurity will never be “solved.” It will be a constant cycle of adaptation. For most organizations, the challenge will be keeping pace without unlimited budgets or in-house security teams.
Q: You’ve shared a few phishing examples from your own experience. What can we learn from those moments?
Sumit Aneja: In one of my previous roles, one of our employees got an email from “me.” It had my name, but the underlying email was fake. It asked him to buy $100 Amazon gift cards, scratch off the codes, and email them over because I was “in a meeting.” He bought the cards and showed up at my office. We ended up giving them out to employees as a morale booster, but it could’ve been worse. Another time, HR got a spoofed email asking to change someone’s payroll account. Luckily, they double-checked. These are things happening every day. Most people just aren’t trained to catch them. The lesson is simple. People need to be trained to pause, verify, and question things, even if they appear to come from inside the company.
Q: What’s your biggest piece of advice to CEOs who are thinking about cybersecurity today?
Sumit Aneja: Make it a leadership priority, not just an IT issue. Cybersecurity impacts customer trust, reputation, and revenue. A breach can erase years of growth in days. CEOs should have clear visibility into their security posture and make sure the right expertise is in place, whether in-house or outsourced. Think of it as protecting the business you have built, not just protecting your data.
Who Is Sumit Aneja?
Sumit Aneja is the Founder and Managing Partner of Gulmohar Capital Partners, where he helps software and services companies realize their full growth potential. He is also Co-Chairman of the Board of Directors at CurrentWare Inc., guiding the company’s strategic direction. Previously, Sumit served as CEO of Voxco, leading the company through significant growth initiatives before its sale to a private equity fund. Passionate about scaling businesses, he focuses on building strong teams and driving sustainable market expansion.