Indian BFSI sector faces cyberattacks at 1.6 times global average: Report
New Delhi, May 28
India's banking, financial services and insurance sector is facing cyberattacks at 1.6 times the global average, even as incidents have more than doubled over the past four years, a report showed on Thursday.
A joint report by Boston Consulting Group (BCG) and the Data Security Council of India (DSCI) highlighted that cyber incidents in the Indian BFSI sector rose from 1.4 million in 2021 to 2.9 million in 2025.
It noted that the mean time to contain a breach in India stands at 263 days and continues to rise, highlighting widening challenges in cyber response and remediation.
Mid-sized financial institutions are particularly exposed, as rapid digitisation and deep system interconnections have increased their risk profile to that of larger players, without corresponding levels of cyber investment.
The Indian BFSI sector is undergoing a structural shift, where traditional cybersecurity models are no longer sufficient to address rapidly evolving AI-driven threats, according to the report.
It further stated that institutions must now simultaneously defend against AI-powered attacks, deploy AI for cybersecurity, and secure their own AI systems, describing this as a synchronous security challenge.
"AI has rewritten the economics of cyber risk, compressing the time available for attacks and reducing the cost of launching sophisticated threats, said Nisha Bachani, Managing Director and Partner at Boston Consulting Group and lead author of the report.
However, defence and remediation cycles are still lagging behind, according to her.
She added that the gap between attack speed and response capability is most severe for mid-tier organisations, where risks are high but investments remain constrained.
Vinayak Godse, CEO of DSCI, said frontier AI is accelerating the convergence of cyber risk, digital scale and business resilience in the BFSI sector.
He added that the ability to secure AI-driven operations will define future competitiveness and trust in the financial system.
76 per cent of CISOs now rank AI-enabled attacks among their top cyber priorities for 2026, while 83 per cent are embedding AI into cyber operations, according to the report.
It added that 71 per cent of organisations have reached AI-assisted maturity in security operations centres, with a growing number beginning to adopt autonomous or agentic security systems.
It noted that while regulatory engagement in India has helped build strong cybersecurity baselines, the next phase will require a shift from control-heavy frameworks to a synchronised resilience model across business, risk, legal and technology functions.
The report also recommended stronger collaboration across institutions and regulators to improve threat intelligence sharing and strengthen third-party risk management frameworks.
— IANS
Reader Comments
As someone working in a small insurance firm, I can totally relate. We're adopting digital tools quickly, but our IT budget is peanuts compared to big banks. The report's recommendation for industry-wide threat intelligence sharing is spot on – we need a collective defence approach. But who will fund it? Government and industry bodies must step up. 🤔
Having worked in cybersecurity for years, I can say this is a global challenge, not just Indian. But the speed of digitisation in India has outpaced security maturity. The shift from "control-heavy frameworks" to "synchronised resilience" is essential. However, mid-tier firms need more than just recommendations – they need subsidised cybersecurity tools and training. 🇮🇳
I've been a victim of a phishing attack last year – it was through a fake SMS that looked like it was from my bank. While the bank refunded the amount after 45 days, the stress was immense. Banks need to invest more in customer education and real-time fraud detection. AI can help, but only if deployed wisely. 🙏
The report mentions 76% of CISOs prioritising AI-enabled attacks – but is AI the solution or the problem? I worry that smaller firms might adopt AI-based security without proper understanding, creating more vulnerabilities. India needs a national cyber drill programme for BFSI, like the mock drills for financial emergencies. Stronger collaboration between RBI and private players is the need of the hour. 🔒
A balanced view from
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.