AI asymmetry tops cyber risks for Indian financial institutions: Digital Threat Report 2025-26
Synopsis
Key Takeaways
Cybersecurity experts on Monday, 13 July flagged AI asymmetry as one of the most consequential risks confronting India's banking, financial services, insurance (BFSI) and payments ecosystem, warning that capabilities once confined to well-resourced specialist teams can now be deployed at machine speed by comparatively low-resource threat actors. The warning came alongside the release of the second edition of the 'Digital Threat Report 2025–26' in New Delhi.
Key Findings of the Report
The report — jointly released by the Ministry of Electronics and Information Technology (MeitY), the Indian Computer Emergency Response Team (CERT-In), the Computer Security Incident Response Team in Finance (CSIRT-Fin), and global payment-security firm SISA — draws on extensive digital forensics and incident response (DFIR) research, adversarial AI analysis, and observations from both CERT-In and CSIRT-Fin.
Its headline finding is striking: six of the seven forward-looking threat predictions made in last year's edition have already reached full-scale realisation. This rapid progression underscores how the window between a threat's emergence and its operational exploitation has compressed — in some cases from years to mere weeks.
The AI Asymmetry Problem
Experts at the event noted that offensive capabilities are now on a faster development curve than the defensive and regulatory mechanisms designed to contain them. The concern is structural: AI is lowering the barrier to entry for malicious actors while simultaneously raising the complexity of the threat landscape that defenders must navigate.
Dharshan Shanthamurthy, Founder and Chief Executive Officer of SISA, captured the urgency: 'The distance between innovation and exploitation has narrowed dramatically, and that single shift changes everything about how our industry must defend itself.'
What the Government Said
S. Krishnan, Secretary of MeitY, emphasised the value of public-private collaboration in building cyber resilience. 'As cyber threats become increasingly sophisticated, trusted partnerships between public institutions and industry are essential to strengthening digital trust. The Digital Threat Report represents a meaningful collaboration among CERT-In, CSIRT-Fin and SISA,' he said.
Krishnan added that the expertise developed through this initiative contributes not only to India's national cyber resilience but also to advancing cybersecurity knowledge globally.
Shared Responsibility Across the Ecosystem
Dr Sanjay Bahl, Director General of CERT-In, stressed that as India's financial ecosystem grows more interconnected, real-time, and technology-driven, cyber resilience must be treated as a shared responsibility — spanning institutions, regulators, and the broader digital supply chain.
Notably, this is the second consecutive edition of the report, reflecting a maturing institutional commitment to tracking and communicating evolving threats to the BFSI sector. The report is intended to equip financial institutions, regulators, and cybersecurity leaders with an executive-level assessment of the threats reshaping digital finance in India.
What This Means Going Forward
The convergence of AI-enabled offence and lagging defence frameworks points to a structural gap that regulators and institutions will need to close urgently. With six of seven prior-year predictions already materialised, the report's next set of forward-looking scenarios will be closely watched by India's financial and cybersecurity establishment.