India’s banking, financial services, and insurance (BFSI) sector is experiencing cyberattacks at a rate 1.6 times higher than the global average, with incidents more than doubling over the past four years, according to a recent report. The joint study by Boston Consulting Group (BCG) and the Data Security Council of India (DSCI) revealed that cyber incidents in the Indian BFSI sector surged from 1.4 million in 2021 to 2.9 million in 2025.
The report highlighted that the average time to contain a breach in India is 263 days and is on the rise, indicating growing challenges in cyber response and remediation. Mid-sized financial institutions are particularly vulnerable due to rapid digitization and complex system interconnections, elevating their risk levels to those of larger players without a proportional increase in cyber investments.
The BFSI sector in India is undergoing a transformation in which traditional cybersecurity approaches are no longer adequate to combat evolving AI-driven threats, the report emphasized. It further noted that organizations must now simultaneously defend against AI-powered attacks, use AI for cybersecurity, and secure their AI systems, presenting a synchronized security challenge.
Nisha Bachani, Managing Director and Partner at Boston Consulting Group and lead author of the report, stated that AI has altered the dynamics of cyber risk, reducing the time available for attacks and the cost of launching sophisticated threats. However, she pointed out that defense and remediation processes are lagging behind, especially for mid-tier organizations facing high risks with limited investments.
Vinayak Godse, CEO of DSCI, highlighted that cutting-edge AI is hastening the convergence of cyber risk, digital scale, and business resilience in the BFSI sector. He emphasized that the ability to safeguard AI-driven operations will determine future competitiveness and trust within the financial system. The report also revealed that a significant percentage of Chief Information Security Officers (CISOs) prioritize AI-enabled attacks as a top cyber concern for 2026, with many integrating AI into their cyber operations.
Regulatory engagement in India has laid a strong foundation for cybersecurity, but the next phase necessitates a shift towards a synchronized resilience model encompassing business, risk, legal, and technology functions. The report recommended enhanced collaboration among institutions and regulators to bolster threat intelligence sharing and fortify third-party risk management frameworks.
