New Delhi, May 28 (IANS) India’s banking, financial services and insurance (BFSI) sector is facing cyberattacks at 1.6 times the global average, even as incidents have more than doubled over the past four years, a report showed on Thursday.
A joint report by Boston Consulting Group (BCG) and the Data Security Council of India (DSCI) highlighted that cyber incidents in the Indian BFSI sector rose from 1.4 million in 2021 to 2.9 million in 2025.
It noted that the mean time to contain a breach in India stands at 263 days and continues to rise, highlighting widening challenges in cyber response and remediation.
Mid-sized financial institutions are particularly exposed, as rapid digitisation and deep system interconnections have increased their risk profile to that of larger players, without corresponding levels of cyber investment.
The Indian BFSI sector is undergoing a structural shift, where traditional cybersecurity models are no longer sufficient to address rapidly evolving AI-driven threats, according to the report.
It further stated that institutions must now simultaneously defend against AI-powered attacks, deploy AI for cybersecurity, and secure their own AI systems, describing this as a synchronous security challenge.
“AI has rewritten the economics of cyber risk, compressing the time available for attacks and reducing the cost of launching sophisticated threats, said Nisha Bachani, Managing Director and Partner at Boston Consulting Group and lead author of the report.
However, defence and remediation cycles are still lagging behind, according to her.
She added that the gap between attack speed and response capability is most severe for mid-tier organisations, where risks are high but investments remain constrained.
Vinayak Godse, CEO of DSCI, said frontier AI is accelerating the convergence of cyber risk, digital scale and business resilience in the BFSI sector.
He added that the ability to secure AI-driven operations will define future competitiveness and trust in the financial system.
76 per cent of CISOs now rank AI-enabled attacks among their top cyber priorities for 2026, while 83 per cent are embedding AI into cyber operations, according to the report.
It added that 71 per cent of organisations have reached AI-assisted maturity in security operations centres, with a growing number beginning to adopt autonomous or agentic security systems.
It noted that while regulatory engagement in India has helped build strong cybersecurity baselines, the next phase will require a shift from control-heavy frameworks to a synchronised resilience model across business, risk, legal and technology functions.
The report also recommended stronger collaboration across institutions and regulators to improve threat intelligence sharing and strengthen third-party risk management frameworks.
–IANS
ag/
