The CERT-In directives’ time frames and ambiguities have concerned CISOs, as poor implementation of the directives could divert resources and attention. While the new directives aim to address gaps and loopholes in the country's cybersecurity regulations, CISOs will have to ramp up staffing, tools and reporting to meet the new mandate. The CISOs will also have to deal with incident ambiguities.