The Data Security Council of India (DSCI) and Boston Consulting Group (BCG) have released a joint report warning that artificial intelligence is rapidly reshaping the cybersecurity threat landscape for India’s banking, financial services and insurance (BFSI) sector, with cyberattacks increasing in intensity, speed and sophistication.
The report, titled Cybersecurity in the Age of AI: Building a Synchronous BFSI Enterprise, was launched at FINSEC 2026 in Mumbai and is based on a survey of 42 senior Indian BFSI security leaders alongside industry interviews and analysis.
According to the report, Indian BFSI organisations are now experiencing cyber-attacks at 1.6 times the global average, while reported cyber incidents in the country have more than doubled over the last four years, increasing from 1.4 million in 2021 to 2.9 million in 2025. The report also notes that the mean time to contain a breach in India has risen to 263 days.
The findings point to a broader structural shift in cybersecurity driven by AI-powered attacks, where exploit timelines have collapsed dramatically and the cost of launching sophisticated attacks has reduced significantly. According to the report, the average time between vulnerability disclosure and exploitation has fallen from 745 days in 2020 to just 44 days in 2025, while attack costs have dropped by more than 70 per cent.
The report argues that Indian BFSI institutions are now simultaneously facing three interconnected challenges: defending against AI-enabled cyber threats, deploying AI within cyber defence operations, and securing their own AI systems and models.
Vinayak Godse, Chief Executive Officer of the Data Security Council of India (DSCI), said that frontier AI is accelerating the convergence of cyber risk, digital scale and business resilience within the BFSI sector. He noted that the ability to secure AI-driven operations will increasingly define future trust and competitiveness in financial services, while AI-driven autonomous defence systems are expected to reshape how institutions manage cyber risk at scale.
Nisha Bachani, Managing Director and Partner, Boston Consulting Group (BCG), said that AI has fundamentally altered the economics of cyber-attacks by compressing exploit windows and reducing the cost of sophisticated attacks. She added that the asymmetry between attack speed and enterprise remediation cycles is emerging as one of the sector’s biggest operational challenges, particularly for mid-sized financial institutions with growing digital exposure but relatively constrained cybersecurity investments.
The report highlights that 76 per cent of Indian BFSI CISOs now rank AI-enabled attacks among their top four cybersecurity priorities for 2026, while 83 per cent of surveyed organisations are embedding AI into cyber operations. More than 70 per cent of BFSI organisations surveyed have already deployed AI-assisted Security Operations Centre (SOC) capabilities or reached higher levels of AI operational maturity.
At the same time, the report points to persistent readiness gaps. Nearly 70 per cent of CISOs expect AI-enabled threats to have a significant impact within the next 12 months, yet no individual control area in the survey crossed the 50 per cent confidence threshold for readiness against AI-enabled breaches.
The report identifies multiple structural challenges contributing to rising cyber exposure in India’s BFSI ecosystem, including legacy infrastructure, supply chain dependencies, third-party technology concentration, cybersecurity talent shortages, AI-enabled threat automation, software visibility limitations, and increasing geopolitical cyber risks.
Among the major concerns highlighted is the growing systemic risk associated with third-party service providers and interconnected financial infrastructure. The report notes that concentration risk is no longer hypothetical, citing recent incidents where a single shared-vendor breach disrupted services across hundreds of banks simultaneously.
From a governance perspective, the report argues that cybersecurity can no longer remain confined to a standalone security or compliance function. Instead, it calls for what it describes as a “synchronised resilience” operating model, where cybersecurity priorities are aligned across business leadership, technology teams, legal functions, risk management, vendors, regulators and ecosystem partners.
The report further states that Indian BFSI organisations that successfully synchronise cyber resilience across these operational layers over the next 12 to 18 months are likely to emerge with stronger long-term trust, resilience and competitive advantage in an increasingly AI-driven financial ecosystem.