. NEW DELHI: Six of the seven emerging cyber threats predicted for banks and financial institutions barely a year ago have already reached full-scale realisation, with artificial intelligence, stolen identities and manipulated payment workflows enabling attacks that increasingly resemble legitimate activity, India’s second Digital Threat Report for the BFSI sector has warned.The Digital Threat Report 2025-26, released by electronics and IT secretary S Krishnan, says the traditional progression of a cyber threat — from research and experimentation to large-scale exploitation — is breaking down. Threats are now being operationalised in months or even weeks, allowing attackers to innovate, scale and monetise faster than many financial institutions can respond.The report, prepared jointly by CERT-In, CSIRT-Fin and cybersecurity firm SISA, says social engineering, credential theft, supply-chain compromise and cloud exploitation, which were considered emerging or episodic risks in the previous edition, are now established attack methods. Only quantum risk among the seven predictions has not reached full-scale realisation, though “harvest now, decrypt later” strategies are already active.Its central concern is that the most damaging cyberattacks may no longer look like breaches. They can surface as authenticated user sessions, approved payments, routine account activity, compromised vendor actions or apparently normal business workflows, remaining indistinguishable from genuine transactions until the damage has occurred.The report groups the evolving risks into three broad clusters — AI and human deception, software and systems, and infrastructure and economy.Under AI and human deception, it flags industrial-scale deepfakes, synthetic identities, AI-generated phishing, business email compromise, credential theft and session hijacking. It says attackers are no longer crafting scams manually but generating, testing and deploying them at machine speed, weakening identity checks that depend on what a person sees or hears.The report also identifies “AI asymmetry” as a defining risk, warning that capabilities such as vulnerability discovery, exploit generation and attack orchestration, which earlier required specialist teams and weeks of work, are increasingly available to comparatively low-resource actors. At the same time, AI models used for credit, fraud detection, KYC and onboarding are themselves becoming attack surfaces through prompt injection, model probing and adversarial manipulation.“Cybersecurity is one of the most important concerns that we have to address if we have to preserve all the benefits that we have derived from digitisation,” Krishnan said. He said attacks could affect individuals through cybercrime, cripple organisations through ransomware and, at their highest level, create national-scale disruption.“We have to treat cybersecurity as an enterprise-wide systemic risk against which institutions need to constantly guard,” he said, adding that digital governance, including AI governance, must give primacy to cybersecurity and operational resilience. Krishnan also stressed the need to build domestic technological capacity, strengthen identity and account access systems, and use AI more effectively to enable defenders to act faster.On software and systems, the report warns of supply-chain compromise, poisoned software dependencies, cloud misconfigurations, insecure development pipelines and the manipulation of payment and API business logic. It says attacks can exploit OTP race conditions, parallel transaction triggering, object-level authorisation failures and exception pathways without using malware or breaching a network perimeter.The third cluster covers systemic risks to financial infrastructure, including ransomware, crypto-enabled monetisation, firmware and IoT compromise, and long-term threats to encrypted data from quantum computing.A major finding is what the report calls the “compliance-security translation gap”. Institutions may pass periodic assessments while remaining exposed because controls drift from their original intent, cover only part of the actual attack surface or fail to keep pace with cloud, AI, container and machine-identity risks.To explain how breaches escalate, the report introduces a four-layer “Anatomy of Cyber Failure” framework covering design, enforcement, signal and response gaps. It identifies four recurring failure chains — trusted entry breaches, privilege escalation, logic abuse and invisible attacks operating beyond an institution’s telemetry.The report lays out an 18-month roadmap. During the first six months, institutions should deploy phishing-resistant authentication for high-risk accounts, identify service and machine identities, test payment workflows against adversarial manipulation, strengthen secrets and encryption-key management, and automate incident containment.Over six to 12 months, they should introduce continuous session assurance, behavioural transaction monitoring, cloud identity controls, runtime software validation and quarterly post-audit attack simulations. The final phase calls for passwordless privileged access, controls over AI-model and training-data supply chains, stronger oversight of vendors’ vendors, runtime integrity attestation and post-quantum cryptography migration planning.The report’s message is that financial institutions must move from periodically proving that security controls exist to continuously proving that they work under real attack conditions.Get the latest India news and live updates. Download the TOI App.About the AuthorManash Pratim GohainManash Pratim Gohain is a seasoned journalist with over two decades at The Times of India, where he has built a rich body of work spanning education policy, politics, and governance. Renowned for his incisive coverage of the National Education Policy (NEP) 2020, accreditation reforms, and skilling initiatives, he has also reported on student politics, urban policy, and social movements. His political reportage—both reflective and news-driven—adds depth to his writing, bridging policy with public impact. Through his 2,500 articles and related outlets, he has emerged as a trusted voice in national discourse, particularly in linking education reform to broader societal change.Read MoreEnd of ArticleFollow Us On Social MediaVideosUS Inmate Matthew Aaron VanDyke Seeks Special Diet, Cooking Permission Inside Tihar JailMission $500 Billion: India, US Push To Deepen Trade Ties As Deal Nears CompletionMission $500 Billion: India, US Push To Deepen Trade Ties As Deal Nears CompletionCDS To Present Theatre Command Roadmap As India Moves Closer To Military ReformsSupreme Court Rejects Madrasa Salary Plea As Bengal Intensifies Policy Overhaul MeasuresLucknow-Kanpur Expressway Set To Slash Travel Time To 30 Minutes, But Toll Sparks Debate | WatchHealth Camp Horror? FIR Against TMC MP Abhishek Banerjee After Woman’s Leg AmputatedSupreme Court Pushes Dialogue Route In Gyanvapi Case, Refers Dispute To Special Lok AdalatRailways Clarifies Viral Puja Video, Says Ritual Was Held in ₹3 Lakh Privately Booked Saloon Coach’Black Magic, Cow Urine’: Shiv Sena (UBT) Leader’s Daughter-In-Law Makes Shocking Allegations123Photostories10 beautiful baby names that symbolise new life and fresh beginningsAkshay Kumar’s go-to high-protein snack at 58 is packed with fiber and contains no chilliJuly New Moon 2026: Affirmations for your birth dateDo your knees hurt before it rains? Here’s why osteoarthritis pain gets worse during the monsoon, according to doctorsPigeons taking over your balcony? 7 Humane ways to keep them away without causing harmFrom grey saree elegance to embroidered sharara glam: Alia Bhatt masters two bridesmaid looks at Akansha Ranjan Kapoor’s wedding5 early symptoms of male pattern baldness every man should knowOTT releases this week (July 13 To July 19): ‘Murder 101’, ‘On Purpose with Jay Shetty’, ‘Transfer Trimurthulu’, ‘Ride or Die’ and moreInside Sumona Chakravarti’s stunning Mumbai home: Elegant décor, a beautiful living room and moreScience says curious children learn better: Why parents should encourage more questions123Hot PicksWWE Raw PreviewRajasthan PG admissionsSouth China SeaITR filingNepal protestLucknow-Kanpur ExpresswayEPFO amnesty schemeTaylor Swift and Travis KelceE20 petrol newsTop TrendingSamantha BuschMadurai AccidentITR filingFIFA World Cup 2026Karnataka Pakistani ArrestedGhaziabad Mall Rape MurderDelhi MurderTG TET 2026 resultGurgaon EncounterIran war
NEW DELHI: Six of the seven emerging cyber threats predicted for banks and financial institutions barely a year ago have already reached full-scale realisation, with artificial intelligence, stolen identities and manipulated payment workflows enabling attacks that increasingly resemble legitimate activity, India’s second Digital Threat Report for the BFSI sector has warned.The Digital Threat Report 2025-26, released by electronics and IT secretary S Krishnan, says the traditional progression of a cyber threat — from research and experimentation to large-scale exploitation — is breaking down. Threats are now being operationalised in months or even weeks, allowing attackers to innovate, scale and monetise faster than many financial institutions can respond.The report, prepared jointly by CERT-In, CSIRT-Fin and cybersecurity firm SISA, says social engineering, credential theft, supply-chain compromise and cloud exploitation, which were considered emerging or episodic risks in the previous edition, are now established attack methods. Only quantum risk among the seven predictions has not reached full-scale realisation, though “harvest now, decrypt later” strategies are already active.Its central concern is that the most damaging cyberattacks may no longer look like breaches. They can surface as authenticated user sessions, approved payments, routine account activity, compromised vendor actions or apparently normal business workflows, remaining indistinguishable from genuine transactions until the damage has occurred.The report groups the evolving risks into three broad clusters — AI and human deception, software and systems, and infrastructure and economy.Under AI and human deception, it flags industrial-scale deepfakes, synthetic identities, AI-generated phishing, business email compromise, credential theft and session hijacking. It says attackers are no longer crafting scams manually but generating, testing and deploying them at machine speed, weakening identity checks that depend on what a person sees or hears.The report also identifies “AI asymmetry” as a defining risk, warning that capabilities such as vulnerability discovery, exploit generation and attack orchestration, which earlier required specialist teams and weeks of work, are increasingly available to comparatively low-resource actors. At the same time, AI models used for credit, fraud detection, KYC and onboarding are themselves becoming attack surfaces through prompt injection, model probing and adversarial manipulation.“Cybersecurity is one of the most important concerns that we have to address if we have to preserve all the benefits that we have derived from digitisation,” Krishnan said. He said attacks could affect individuals through cybercrime, cripple organisations through ransomware and, at their highest level, create national-scale disruption.“We have to treat cybersecurity as an enterprise-wide systemic risk against which institutions need to constantly guard,” he said, adding that digital governance, including AI governance, must give primacy to cybersecurity and operational resilience. Krishnan also stressed the need to build domestic technological capacity, strengthen identity and account access systems, and use AI more effectively to enable defenders to act faster.On software and systems, the report warns of supply-chain compromise, poisoned software dependencies, cloud misconfigurations, insecure development pipelines and the manipulation of payment and API business logic. It says attacks can exploit OTP race conditions, parallel transaction triggering, object-level authorisation failures and exception pathways without using malware or breaching a network perimeter.The third cluster covers systemic risks to financial infrastructure, including ransomware, crypto-enabled monetisation, firmware and IoT compromise, and long-term threats to encrypted data from quantum computing.A major finding is what the report calls the “compliance-security translation gap”. Institutions may pass periodic assessments while remaining exposed because controls drift from their original intent, cover only part of the actual attack surface or fail to keep pace with cloud, AI, container and machine-identity risks.To explain how breaches escalate, the report introduces a four-layer “Anatomy of Cyber Failure” framework covering design, enforcement, signal and response gaps. It identifies four recurring failure chains — trusted entry breaches, privilege escalation, logic abuse and invisible attacks operating beyond an institution’s telemetry.The report lays out an 18-month roadmap. During the first six months, institutions should deploy phishing-resistant authentication for high-risk accounts, identify service and machine identities, test payment workflows against adversarial manipulation, strengthen secrets and encryption-key management, and automate incident containment.Over six to 12 months, they should introduce continuous session assurance, behavioural transaction monitoring, cloud identity controls, runtime software validation and quarterly post-audit attack simulations. The final phase calls for passwordless privileged access, controls over AI-model and training-data supply chains, stronger oversight of vendors’ vendors, runtime integrity attestation and post-quantum cryptography migration planning.The report’s message is that financial institutions must move from periodically proving that security controls exist to continuously proving that they work under real attack conditions.