Advertisement

AI-Driven Cyber Threats Escalate Risks for BFSI Sector in India

There is a new breed of AI-fuelled cyber threat on the rise, and it is a major concern for the BFSI industry. The 2025-26 Digital Threat Report makes plain that India's financial ecosystem must up its game in terms of risk assessment, response and collaboration to keep digital trust intact.

Advertisement
Advertisement

For those with a stake in banking, insurance and payments, the cost of doing business in a high-risk environment is going up. A report from MeitY puts it in stark terms: these are no longer slow-moving problems. AI-driven attacks move at machine speed, which whittles down the time available to spot them and puts a strain on existing defences. In short, where there are holes in your resilience, you will see it in your valuation.

The 2025-26 edition of the Digital Threat Report has put a finger on a change in the market that can be overlooked at one’s peril. Of the seven predictions put forward in 2024-25, six have come to pass. It is a sign of how quickly threats are maturing; what once took years to go from concept to exploitation now happens in a matter of weeks or months.

They call it ‘AI asymmetry’. An attacker with modest means can do in an instant what used to require a room full of specialists and a lot of time. Offence is moving faster than defence and regulation, and the gap is only getting wider.

Why the threat now matters to BFSI

What were once considered fringe risks have become the norm. According to the report, you will find social engineering, stolen credentials and cloud-based exploits as common as anything else in the financial world.

Then there are the intrusions that don’t make a sound. They are not the kind of hacks you see in the movies; they pass for a normal customer session or an approved transaction. Often, by the point an oddity is verified, the damage is already in the books and there is little to be done about it.

Inside MeitY’s warning

This is a joint effort from the Ministry of Electronics and Information Technology (MeitY), CERT-In, CSIRT-Fin and SISA, aimed at the security chiefs and regulators in the banking and insurance space who have to deal with these headwinds.

‘When you look at how close we are to the line between innovation and being exploited, it redefines the way our sector has to put up a fight,’ says Dharshan Shanthamurthy, the founder and CEO of SISA. He is quick to add that when trust in the system is broken, the fallout is felt by everyone from the end customer to the broader economy.

S. Krishnan, Secretary at MeitY, sees the path forward in working together. ‘You need the right kind of relationship between the public side and the industry to hold up digital trust as these threats get more complex.’ He points to the work of CERT-In, CSIRT-Fin and SISA as a good example of how to build on what is known in the field of cybersecurity.

From playbooks to practice: what to change

The report does not mince words in its recommendations. There is a case for institutions to put aside the old habit of periodic reviews in favour of ongoing risk assessment, a more unified way of responding and better information exchange. It is a necessary evolution given how interlinked and live India’s financial system has become.

"Cyber resilience is no longer something one can handle in isolation; it is a collective duty for institutions, regulators and the digital supply chain at large,” said Dr Sanjay Bahl, Director General of CERT-In. “With the ecosystem we have today, you need a steady approach, not just an intervention when the time is right.”

The report puts forward a 4-layer ‘Anatomy of Cyber Failure’ to make sense of this. Instead of pointing fingers at a single error, it shows how a series of small weaknesses can be what lets a breach get out of hand. There is also an 18-month plan of action to put in place sturdier controls and monitoring, and to harden security from the ground up.

All of this is based on hard data: from the kind of work done in digital forensics and incident response, to what CERT-In and CSIRT-Fin have seen, and where adversarial AI is heading in finance. The goal is to be as practical as possible – to make sure capital is put where it is most likely to be needed and to cut down the time between spotting a problem and dealing with it.

What to be on the lookout for

For those in the market looking at BFSI returns on a risk-adjusted basis, here are the tell-tale signs:

– A move toward continuous risk assessment

– Involvement in coordinated responses and open lines of communication

– New monitoring tools being put to work

– The board making cyber trust a priority

– Following the lead of CERT-In, CSIRT-Fin and SISA

The key thing to come away with is the speed differential. An attacker with AI can outmanoeuvre your compliance and control measures in a hurry. So it is not so much the size of the budget that matters as it is the discipline in execution and the willingness to work across industries.

Shanthamurthy would have it that cybersecurity is a strategic asset, not some back-office chore. “It must be at the heart of how we grow and put ourselves out there. You can let a breach be a disruption, or if you learn from it quickly enough, it becomes foresight.”

BFSI boards have less time than before to show they can stand up to these pressures. Those that get to grips with the 'AI asymmetry‘, put the 18-month roadmap into practice and join in on shared defences will be in a stronger position to keep their margins and the confidence of their clients.

In the end, it is about the health of the system, not the odd headline. The ones who will come out ahead are the ones that can see through an attack in plain sight, put together the data and do something about it.

Make no mistake: AI has given the opposition machine-like velocity. Hold on to your periodic checks and you will be left in the dust. As MeitY and others will tell you, being resilient in the BFSI space is an all-hands, always-on affair, and one that should be factored into any investment decision.

Advertisement
Advertisement
Advertisement