India's Ministry of Electronics and Information Technology (MeitY) warns that artificial intelligence is enabling faster, more sophisticated cyberattacks on banks and insurance companies. This shift requires financial institutions to move beyond periodic security checks toward continuous, real-time monitoring to protect customer data and digital infrastructure.
The Ministry of Electronics and Information Technology (MeitY) has issued a warning regarding the rising threat of artificial intelligence (AI) in cyberattacks targeting India's banking, financial services, insurance, and payments sectors. According to the Digital Threat Report 2025-26, AI is allowing malicious actors to perform complex attacks at machine speed, often moving faster than existing defensive technologies and current industry regulations can handle.
The report, which involved collaboration between MeitY, the Indian Computer Emergency Response Team (CERT-In), CSIRT-Fin, and cybersecurity firm SISA, points to a phenomenon called AI asymmetry. This occurs when attackers use AI tools to execute high-level breaches with minimal resources, creating a significant imbalance against financial institutions that are still relying on traditional, periodic security updates. The findings are based on extensive digital forensics and an analysis of how adversaries are currently adapting their tactics.
Moving Beyond Traditional Security
Financial institutions are facing a reality where common threats like credential theft, supply-chain compromises, and social engineering—where attackers manipulate individuals to gain confidential information—have become mainstream. The report notes that most predictions made in the previous year’s analysis have already materialized, indicating that the pace of technological evolution in cyberattacks is accelerating.
To address these risks, the report introduces a new 4-layer gap archetype framework, which helps institutions understand how small weaknesses can combine to create large-scale security breaches. The ministry suggests that financial companies need to transition from viewing cybersecurity as a periodic compliance requirement to adopting a model of continuous, real-time monitoring.
Roadmap for Financial Institutions
The government has laid out an 18-month roadmap for the financial sector to upgrade its security posture. This plan focuses on three core areas: hardening foundational controls, maintaining continuous monitoring of digital systems, and building more resilient security architectures that can adapt to new, AI-enabled threats.
For investors and market observers, the primary monitorable will be how quickly banks and financial companies integrate these security frameworks into their daily operations. As digital transactions continue to grow across India, the ability of these institutions to prevent breaches will be a key factor in maintaining long-term operational stability and customer trust. Future updates from CERT-In and regulatory bodies will be important to track, as they may lead to more stringent cybersecurity mandates for all participants in the financial ecosystem.
