Artificial intelligence is enabling cybercriminals to carry out sophisticated attacks at “machine speed”, putting offensive cyber capabilities on a faster development curve than the defensive and regulatory mechanisms designed to stop them, according to the Digital Threat Report 2025–26 released by MeitY, CERT-In, CSIRT-Fin and SISA.
The report identifies “AI asymmetry” as one of the biggest cyber risks facing the banking, financial services, insurance (BFSI) and digital payments ecosystem. It says activities that once required specialist teams, significant resources and weeks of planning can now be carried out rapidly by attackers with comparatively fewer resources. This has accelerated offensive cyber capabilities faster than the defensive systems and regulatory measures designed to stop them.
The report also says six of the seven forward-looking predictions made in 2024’s edition have already become reality. It says the time between the emergence of a cyber threat and its exploitation has shrunk dramatically, often from years to just months or even weeks.
Why are AI-powered cyberattacks becoming more dangerous?
According to the report, cyber threats that were once considered emerging, such as social engineering, credential theft, supply-chain compromise and cloud exploitation, have become standard attack methods. The report states the most damaging cyberattacks no longer resemble traditional hacking attempts.
Instead, they often appear as legitimate customer sessions, approved financial transactions, manipulated business workflows or ordinary user behaviour. By the time organisations identify these attacks, the damage has often already occurred.
“The distance between innovation and exploitation has narrowed dramatically, and that single shift changes everything about how our industry must defend itself,” said Dharshan Shanthamurthy, Founder and CEO of SISA.
He said the BFSI industry depends on trust that every transaction is genuine and every payment moves securely through interconnected financial systems. “When that trust is weakened, the impact is never contained to a single breach or a single firm; it ripples across customers, partners, markets, and entire economies,” he said.
Shanthamurthy added that cybersecurity can no longer remain only a technical function. “It has to become central to how institutions grow, innovate, and lead. Every breach leaves behind a lesson, and if we are willing to learn fast enough, those lessons can turn disruption into foresight,” he said.
Recommendations for banks and financial institutions
The report calls for a major shift in the way financial institutions manage cyber risks. It says banks, insurers and payment companies should move beyond periodic security checks and adopt continuous risk assessment, stronger coordination and real-time information sharing.
Dr Sanjay Bahl, Director General of CERT-In, said cyber resilience should become a shared responsibility as India’s financial ecosystem grows more interconnected and technology-driven. “We are pleased to collaborate with SISA for the second consecutive year on the Digital Threat Report for the BFSI Industry,” Bahl said.
“As India’s financial ecosystem becomes more interconnected, real-time and technology-driven, cyber resilience must be treated as a shared responsibility across institutions, regulators and the wider digital supply chain. The report highlights the need to move beyond periodic security interventions towards continuous risk assessment, coordinated response and stronger information sharing,” he said.
The report also introduces a new “Anatomy of Cyber Failure” framework to help organisations understand how modern cyber breaches occur. Instead of viewing a breach as the result of a single mistake, the framework examines how multiple security gaps combine and allow attacks to succeed. It aims to help organisations identify recurring weaknesses and invest in areas that can reduce future risks.
The report also lays out an 18-month roadmap for the BFSI sector. It urges organisations to strengthen basic security controls first, build continuous cyber defence capabilities and eventually adopt more resilient security architectures that can respond to increasingly sophisticated attacks.
Speaking at the launch of the report, MeitY secretary S Krishnan said collaboration between government agencies and industry is becoming more important as cyber threats grow more sophisticated.
“As cyber threats become increasingly sophisticated, trusted partnerships between public institutions and industry are essential to strengthening digital trust. The Digital Threat Report represents a meaningful collaboration among CERT-In, CSIRT-Fin and SISA. This partnership demonstrates how expertise developed in India can contribute both to our national cyber resilience and to advancing cybersecurity knowledge globally,” he said.
The Digital Threat Report 2025-26 draws on digital forensics and incident response research, CERT-In and CSIRT-Fin observations, and research into adversarial AI. It aims to help financial institutions prepare for emerging cyber risks and strengthen the security of India’s banking and digital payments ecosystem.
