AI & Technology

MeitY Releases Digital Threat Report 2025-26 for India’s BFSI Sector

Published

on

New Delhi: The Ministry of Electronics and Information Technology (MeitY) has released the second edition of the Digital Threat Report 2025-26 focusing on cybersecurity challenges affecting India’s banking, financial services, insurance and digital payments ecosystem.

Prepared in collaboration with CERT-In, CSIRT-Fin and cybersecurity firm SISA, the report examines emerging cyber threats, evolving attack patterns and the growing impact of artificial intelligence on financial-sector security.

The assessment combines digital forensics insights, incident response analysis and threat intelligence to help financial institutions, regulators and cybersecurity professionals prepare for increasingly complex attacks.

Cyber Threats Moving Faster From Discovery to Exploitation

A key finding of the report is that six out of seven predictions made in the previous edition have now materialised at a large scale.

The report highlights that the time between the discovery of a cyber vulnerability and its exploitation by attackers is shrinking significantly. Threats that previously developed over years are now becoming operational within months or even weeks.

Methods such as social engineering, credential theft, supply-chain attacks and cloud exploitation have moved from emerging risks to established attack techniques.

The report warns that future cyber incidents may not always appear as traditional hacking attempts. Instead, attackers may operate through seemingly legitimate user accounts, authorised transactions or normal business processes, allowing malicious activity to remain hidden until significant damage occurs.

AI-Powered Attacks Create New Challenges

The report identifies artificial intelligence-driven cyber threats, described as “AI asymmetry”, as one of the biggest emerging risks for financial institutions.

According to the assessment, tasks that once required specialist teams, extensive resources and long preparation periods can increasingly be performed at high speed using AI-powered tools.

This development has created concerns that offensive cyber capabilities may advance faster than traditional security measures and regulatory responses.

SISA founder and CEO Dharshan Shanthamurthy said the gap between technological innovation and cyber exploitation has narrowed, requiring organisations to treat cybersecurity as a strategic priority rather than only a technical function.

CERT-In Calls for Continuous Cyber Resilience

Dr Sanjay Bahl, Director General of CERT-In, said the increasing digital interconnectedness of India’s financial ecosystem requires stronger cooperation between institutions, regulators and technology partners.

He emphasised that cybersecurity cannot rely only on periodic audits or emergency responses. Instead, organisations need continuous monitoring, faster information sharing and coordinated risk management.

MeitY Secretary S. Krishnan also highlighted the importance of collaboration between government bodies and industry stakeholders in strengthening India’s cyber resilience.

Four-Layer Framework Explains Cyber Failures

The report introduces an “Anatomy of Cyber Failure” framework to explain how cyber incidents escalate despite existing security controls.

The framework examines four key areas:

  • System design weaknesses
  • Gaps in security controls
  • Failure to detect warning signals
  • Challenges in organisational response

Rather than viewing breaches as isolated incidents, the model presents cyberattacks as a chain of interconnected failures that can build over time.

The framework is intended to help financial organisations identify vulnerabilities, improve security investments and develop stronger defence strategies.

18-Month Roadmap for Financial Institutions

The report outlines an 18-month cybersecurity roadmap for the financial sector. The plan focuses on strengthening basic security controls, developing continuous monitoring capabilities and building more resilient cybersecurity architectures.

Officials said the report aims to help banks, insurers and digital payment companies anticipate systemic threats and protect public confidence in India’s rapidly expanding digital economy.

Cybersecurity experts believe that improving threat intelligence sharing, adopting advanced detection technologies and maintaining proactive security practices will be essential as cybercriminals increasingly use automation and AI-based methods.

Click to comment

Trending

Exit mobile version