New Delhi: The Ministry of Electronics and Information Technology has released the second edition of the Digital Threat Report 2025-26 for India’s banking, financial services, insurance and payments ecosystem in collaboration with CERT-In, CSIRT-Fin and cybersecurity firm SISA.
The report provides financial institutions, regulators and cybersecurity leaders with an assessment of emerging threats affecting banking, insurance and digital payments. It draws on digital forensics and incident response research, observations from CERT-In and CSIRT-Fin, and analysis of adversarial artificial intelligence.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
Six of Seven Earlier Predictions Reach Full-Scale Realisation
A central finding of the report is that six of the seven forward-looking predictions made in the previous edition have already reached full-scale realisation. According to the report, the period between the emergence of a cyber threat and its operational exploitation is shrinking from years to months or even weeks.
Threats once regarded as emerging or occasional, including social engineering, credential theft, supply-chain compromise and cloud exploitation, have now become established attack methods.
The report warns that damaging cyberattacks may no longer resemble conventional intrusions. They can appear as legitimate user sessions, approved payments, manipulated workflows or ordinary activity, making them difficult to identify until financial or operational damage has already occurred.
Addressing the launch, MeitY Secretary S. Krishnan said cooperation between public institutions and industry was essential as cyber threats became increasingly sophisticated. He said the collaboration among CERT-In, CSIRT-Fin and SISA demonstrated how expertise developed in India could strengthen national cyber resilience and contribute to global cybersecurity knowledge.
AI Asymmetry Emerges as a Major Financial-Sector Risk
The report identifies “AI asymmetry” as a defining risk facing financial institutions. It says activities that previously required specialist teams, substantial resources and weeks of work can increasingly be carried out at machine speed by threat actors with comparatively limited resources.
This shift is placing offensive cyber capabilities on a faster development path than many defensive and regulatory mechanisms designed to contain them.
SISA founder and chief executive Dharshan Shanthamurthy said the gap between innovation and exploitation had narrowed sharply, changing how the industry must approach defence. He said cybersecurity could no longer remain at the edge of business as a technical control function and must become central to institutional growth, innovation and leadership.
Dr Sanjay Bahl, Director General of CERT-In, said cyber resilience must be treated as a shared responsibility as India’s financial ecosystem becomes more interconnected, real-time and technology-driven.
He said the report highlighted the need to move beyond periodic security interventions towards continuous risk assessment, coordinated response and stronger information sharing across institutions, regulators and the wider digital supply chain.
Four-Layer Framework Maps How Cyber Breaches Escalate
The report introduces an “Anatomy of Cyber Failure” framework designed to explain why established security controls can fail under real-world pressure.
The four-layer framework examines the conditions that allow breaches to escalate rather than treating each incident as a single lapse. It presents modern cyberattacks as chains of compounding weaknesses that can emerge across system design, control enforcement, detection signals and institutional response.
The framework is intended to help organisations identify recurring weaknesses, prioritise systemic risks and direct cybersecurity investments towards areas with the greatest potential impact.
The report also sets out an 18-month roadmap for financial institutions. It begins with strengthening foundational controls, moves towards building continuous capabilities and concludes with the development of more resilient security architectures.
MeitY said the report was intended to help financial institutions anticipate systemic risks, improve operational resilience and protect trust in India’s digital financial infrastructure.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
