MeitY, CERT-In and Industry Partners Unveil New Cyber Threat Report
The report offers an in-depth assessment of the cyber risks affecting the banking, financial services, insurance (BFSI) and digital payments ecosystem.
- Country:
- India
India's financial sector is facing a rapidly changing cyber threat landscape where attacks are becoming faster, more sophisticated and increasingly difficult to detect, according to the second edition of the Digital Threat Report 2025–26 released by the Ministry of Electronics and Information Technology (MeitY), CERT-In, CSIRT-Fin and cybersecurity firm SISA.
The report offers an in-depth assessment of the cyber risks affecting the banking, financial services, insurance (BFSI) and digital payments ecosystem. Built on digital forensics, incident response research, CERT-In and CSIRT-Fin observations, and analysis of adversarial artificial intelligence, it provides financial institutions, regulators and cybersecurity leaders with practical insights into the evolving threat environment.
Speaking at the launch, MeitY Secretary S. Krishnan said stronger collaboration between government agencies and industry is becoming essential as cyber threats grow more advanced. He noted that the partnership behind the report demonstrates how expertise developed in India can strengthen national cyber resilience while contributing to global cybersecurity knowledge.
AI is accelerating attacks as cybercriminals exploit trusted systems
The report's key finding is that six of the seven predictions made in the previous edition have already materialised, highlighting how quickly cyber threats are evolving. The gap between the emergence of a new attack technique and its large-scale exploitation has narrowed significantly, shrinking from years to just months or even weeks.
Methods such as social engineering, credential theft, cloud exploitation and supply-chain attacks have become routine tools for cybercriminals. Many modern attacks no longer rely on obvious system intrusions. Instead, they appear as legitimate user sessions, approved financial transactions or normal business workflows, making them far harder to detect before damage occurs.
The report identifies AI asymmetry as one of the biggest emerging risks for financial institutions. Artificial intelligence is enabling attackers with limited resources to automate activities that previously required skilled teams and significant time, allowing offensive capabilities to develop faster than many defensive systems and regulatory responses.
SISA Founder and CEO Dharshan Shanthamurthy said cybersecurity should now be viewed as a core business priority because every successful attack has consequences that extend beyond a single institution, affecting customers, financial markets and wider economic stability.
Report outlines roadmap for stronger cyber resilience
CERT-In Director General Dr. Sanjay Bahl said India's increasingly interconnected and real-time financial ecosystem requires cyber resilience to become a shared responsibility across financial institutions, regulators and the broader digital supply chain. He emphasised the importance of continuous risk assessment, coordinated incident response and stronger information sharing instead of relying solely on periodic security reviews.
A major feature of this year's report is the Anatomy of Cyber Failure, a four-layer framework that explains how modern cyber breaches typically develop through a chain of interconnected weaknesses rather than a single security lapse. The approach is designed to help organisations identify recurring vulnerabilities, prioritise investments and strengthen their overall security posture.
Looking ahead, the report presents an 18-month roadmap encouraging financial institutions to move beyond strengthening foundational controls and build continuous monitoring capabilities and more resilient cybersecurity architectures that can respond to future threats.
Google News