AI asymmetry tops cyber risks for Indian financial institutions: Digital Threat Report 2025-26

Share:
Audio Loading voice…
AI asymmetry tops cyber risks for Indian financial institutions: Digital Threat Report 2025-26

Synopsis

Six of seven threat predictions from last year's Digital Threat Report have already materialised — and AI asymmetry is now the defining risk. Offensive cyber capabilities are outpacing defences, with low-resource actors able to strike at machine speed. India's BFSI sector is on notice.

Key Takeaways

The Digital Threat Report 2025–26 was jointly released by MeitY , CERT-In , CSIRT-Fin , and SISA on 13 July in New Delhi .
AI asymmetry is identified as a defining risk: offensive capabilities are advancing faster than defensive and regulatory mechanisms.
Six of seven forward-looking predictions from the previous edition have already reached full-scale realisation.
The threat exploitation window has shrunk from years to months or weeks in several documented cases.
Krishnan and CERT-In DG Dr Sanjay Bahl called for shared cyber resilience across institutions, regulators, and the digital supply chain.

Cybersecurity experts on Monday, 13 July flagged AI asymmetry as one of the most consequential risks confronting India's banking, financial services, insurance (BFSI) and payments ecosystem, warning that capabilities once confined to well-resourced specialist teams can now be deployed at machine speed by comparatively low-resource threat actors. The warning came alongside the release of the second edition of the 'Digital Threat Report 2025–26' in New Delhi.

Key Findings of the Report

The report — jointly released by the Ministry of Electronics and Information Technology (MeitY), the Indian Computer Emergency Response Team (CERT-In), the Computer Security Incident Response Team in Finance (CSIRT-Fin), and global payment-security firm SISA — draws on extensive digital forensics and incident response (DFIR) research, adversarial AI analysis, and observations from both CERT-In and CSIRT-Fin.

Its headline finding is striking: six of the seven forward-looking threat predictions made in last year's edition have already reached full-scale realisation. This rapid progression underscores how the window between a threat's emergence and its operational exploitation has compressed — in some cases from years to mere weeks.

The AI Asymmetry Problem

Experts at the event noted that offensive capabilities are now on a faster development curve than the defensive and regulatory mechanisms designed to contain them. The concern is structural: AI is lowering the barrier to entry for malicious actors while simultaneously raising the complexity of the threat landscape that defenders must navigate.

Dharshan Shanthamurthy, Founder and Chief Executive Officer of SISA, captured the urgency: 'The distance between innovation and exploitation has narrowed dramatically, and that single shift changes everything about how our industry must defend itself.'

What the Government Said

S. Krishnan, Secretary of MeitY, emphasised the value of public-private collaboration in building cyber resilience. 'As cyber threats become increasingly sophisticated, trusted partnerships between public institutions and industry are essential to strengthening digital trust. The Digital Threat Report represents a meaningful collaboration among CERT-In, CSIRT-Fin and SISA,' he said.

Krishnan added that the expertise developed through this initiative contributes not only to India's national cyber resilience but also to advancing cybersecurity knowledge globally.

Shared Responsibility Across the Ecosystem

Dr Sanjay Bahl, Director General of CERT-In, stressed that as India's financial ecosystem grows more interconnected, real-time, and technology-driven, cyber resilience must be treated as a shared responsibility — spanning institutions, regulators, and the broader digital supply chain.

Notably, this is the second consecutive edition of the report, reflecting a maturing institutional commitment to tracking and communicating evolving threats to the BFSI sector. The report is intended to equip financial institutions, regulators, and cybersecurity leaders with an executive-level assessment of the threats reshaping digital finance in India.

What This Means Going Forward

The convergence of AI-enabled offence and lagging defence frameworks points to a structural gap that regulators and institutions will need to close urgently. With six of seven prior-year predictions already materialised, the report's next set of forward-looking scenarios will be closely watched by India's financial and cybersecurity establishment.

Frequently Asked Questions

What is the Digital Threat Report 2025-26?
The Digital Threat Report 2025-26 is the second edition of a joint cybersecurity assessment covering India's banking, financial services, insurance, and payments ecosystem. It was released on 13 July by MeitY, CERT-In, CSIRT-Fin, and SISA, drawing on digital forensics research and adversarial AI analysis.
What is AI asymmetry and why does it matter for banks?
AI asymmetry refers to the growing gap where offensive cyber capabilities — powered by AI — are advancing faster than the defensive tools and regulations designed to counter them. For financial institutions, this means low-resource threat actors can now execute attacks at machine speed that previously required specialist teams and significant resources.
How many of last year's threat predictions came true?
Six of the seven forward-looking predictions made in the first edition of the Digital Threat Report have already reached full-scale realisation, according to the 2025-26 report. This signals a dramatic compression in the time between threat emergence and operational exploitation.
Who released the Digital Threat Report 2025-26?
The report was jointly released by the Ministry of Electronics and Information Technology (MeitY), the Indian Computer Emergency Response Team (CERT-In), the Computer Security Incident Response Team in Finance (CSIRT-Fin), and SISA, a global cybersecurity firm specialising in payment ecosystems.
What did CERT-In's Director General say about cyber resilience?
Dr Sanjay Bahl, Director General of CERT-In, said that as India's financial ecosystem becomes more interconnected and technology-driven, cyber resilience must be treated as a shared responsibility across institutions, regulators, and the wider digital supply chain.
Nation Press
The Trail

Connected Dots

Tracing the thread behind this story — newest first.

8 Dots
  1. Latest 1 month ago
  2. 1 month ago
  3. 2 months ago
  4. 6 months ago
  5. 11 months ago
  6. 1 year ago
  7. 1 year ago
  8. 1 year ago
Google Prefer NP
On Google