Indian Banks Face Advanced AI Cyber Threat to Legacy Systems

BANKINGFINANCE
Whalesbook Logo
AuthorVihaan Mehta|Published at:
Indian Banks Face Advanced AI Cyber Threat to Legacy Systems
Overview

India's Finance Secretary M. Nagaraju has warned banks about advanced AI models capable of finding and exploiting system weaknesses. State Bank of India Chairman C.S. Setty noted AI can both help defenders and empower attackers. Banks' reliance on older IT systems makes them vulnerable to wide-reaching cyber threats. In response, banks like Punjab National Bank are increasing cybersecurity budgets, backed by government and regulatory calls for stronger defenses and updated systems.

Instant Stock Alerts on WhatsApp

Used by 10,000+ active investors

1

Add Stocks

Select the stocks you want to track in real time.

2

Get Alerts on WhatsApp

Receive instant updates directly to WhatsApp.

  • Quarterly Results
  • Concall Announcements
  • New Orders & Big Deals
  • Capex Announcements
  • Bulk Deals
  • And much more
Add StocksGet it on Google PlayDownload on the App Store

AI Threat Shifts Focus for Indian Banks

Financial regulators are raising alarms about a critical moment for India's banks. Advanced artificial intelligence models present a growing challenge, forcing a shift beyond standard risk management to focus on the vulnerabilities in aging technology and the urgent need for stronger cybersecurity.

Advanced AI and Growing Cyber Risks

Models like Anthropic's Mythos AI can autonomously find and exploit complex, multi-step system weaknesses. Finance Secretary M. Nagaraju has cautioned the banking sector about the disruptive power of such advanced AI, stating that modern banking risks now extend beyond traditional financial metrics to technological and cyber threats. State Bank of India (SBI) Chairman C.S. Setty agreed, noting AI can bolster defenses but also aid attackers, potentially turning small cyber incidents into widespread threats. This escalating risk is prompting substantial investment; for example, Punjab National Bank (PNB) is boosting its cybersecurity budget by over 50%, allocating about 20% of its technology expenditure, translating to an estimated ₹7 billion to ₹8 billion for the current fiscal year. SBI, a systemically important bank, holds a market capitalization of approximately ₹10.08 trillion to ₹10.11 trillion, with a P/E ratio hovering around 10.8 to 11.93. The bank has also engaged Sattrix Information Security for managed cybersecurity services worth ₹9.3 crore over three years.

Legacy Systems: A Key Vulnerability

Banks' heavy reliance on interconnected networks and older IT systems makes them susceptible to cascading cyberattacks. The window between a software flaw's discovery and its exploitation has shrunk dramatically, from up to 19 days to under 72 hours, leaving institutions with outdated security plans critically exposed. India has already seen the severe impact of cyber threats, with cyber-enabled financial fraud losses escalating to ₹22,845 crore in 2024, a 206% year-over-year increase. Public sector banks (PSBs), which have historically invested less in cybersecurity and reacted slower than private banks, face greater challenges. These banks often use older core systems, leading to higher upgrade costs and risks that could affect investor views.

Regulators Target AI and Data Security

Regulators are working on frameworks for AI in finance. The Reserve Bank of India (RBI) has formed a committee for AI guidelines, requiring explainability, audit trails, and data localization under its 2024 Master Direction on Information Technology Governance. The Securities and Exchange Board of India (SEBI) will also issue advisories on AI risks, stressing that final decisions will be human-led. The Digital Personal Data Protection Act (DPDP) of 2023 mandates data sovereignty, restricting foreign LLM APIs for sensitive personal financial data and pushing banks toward on-premise or local cloud solutions. Vulnerabilities in the wider ecosystem, including third-party vendors and fintech partners, create systemic exposure. This highlights the need for better vendor management and operational resilience, as noted in RBI guidance.

Persistent Risks and Cost Pressures

Despite digital advancements, significant risks remain for Indian banks. SBI has had data breaches in the past, showing vulnerabilities that advanced AI could exploit more effectively. Public sector banks' slower adoption of cybersecurity measures and reliance on legacy systems put them at a disadvantage against agile private sector rivals, widening the gap in threat response. The rapid pace of AI development often outpaces regulation, creating compliance gaps and potential penalties. The large investments needed for IT and cybersecurity upgrades could strain short-term profits and affect investor confidence, particularly for banks slow to modernize.

The Path Ahead for Bank Security

Union Finance Minister Nirmala Sitharaman has urged banks to be more proactive against AI threats, warning that past cybersecurity efforts may be insufficient. This aligns with the RBI's stricter cybersecurity expectations for 2025-26. The focus is on identifying AI attack vulnerabilities and coordinating sector-wide action through the Indian Banks' Association (IBA) mechanism. While upgrades are essential, increased IT spending could pressure short-term financial results, a key factor for investors monitoring modernization efforts.

Get stock alerts instantly on WhatsApp

Quarterly results, bulk deals, concall updates and major announcements delivered in real time.

Add Stocks
Disclaimer:This content is for educational and informational purposes only and does not constitute investment, financial, or trading advice, nor a recommendation to buy or sell any securities. Readers should consult a SEBI-registered advisor before making investment decisions, as markets involve risk and past performance does not guarantee future results. The publisher and authors accept no liability for any losses. Some content may be AI-generated and may contain errors; accuracy and completeness are not guaranteed. Views expressed do not reflect the publication’s editorial stance.