Mid-tier BFSI cybersecurity gaps in India widen as cyberattacks run 1.6 times global, report says

Mid-sized banking, financial services and insurance firms in India were flagged as the most vulnerable to cyberattacks. A new report said these organisations digitised quickly but lagged in cybersecurity spending. It linked the risk to deep connections across systems and faster, cheaper attacks. The report highlighted rising incidents and warned that new AI tools were changing attacker economics.

The report said the most exposed group includes mid-size private banks, small finance banks, NBFCs and urban cooperative banks. It was released by the Nasscom-founded Data Security Council of India and BCG. It said these firms expanded digital services rapidly and rely on many partners. Yet, cyber investment remained far below what large institutions spend.

India BFSI cybersecurity spending gap and global comparison

According to the report, Indian BFSI entities spend less on cybersecurity than global peers. This was despite facing more attacks than the global average. In 2025, cyber attacks per organisation were 1.6 times in India. Globally, the report put the level at 1 time. It also said this gap raised operational and customer data risks.

The report compared security budgets as a share of IT spending. It said 38 per cent of BFSI companies in India invest over 10 per cent of IT spends on cybersecurity. The comparable figure globally was 76 per cent, the report said. It warned that lower spending reduced the ability to detect intrusions and respond quickly.

India BFSI cyberattacks and costs in 2021-2025

Cyber incidents rose sharply over the past four years, the report said. It recorded 2.9 million incidents in 2025, up from 1.4 million in 2021. It also said breach costs climbed 7 per cent to USD 2.5 million in 2025. The report linked rising losses to wider digital access and growing attacker capabilities.

The report said attackers gained the most from recent shifts in tools and tactics. Time to exploit fell by 94 per cent to 44 days, down from 745 days earlier. It added that the cost of an attack dropped by 70 per cent. The report said lower cost and faster execution widened the threat for mid-tier firms.

India BFSI frontier AI models Mythos and attacker economics

The report warned that frontier AI models like Mythos were reshaping attack planning and execution. Amid stronger concerns about these models, it said it now takes just USD 80 to mount a full enterprise network attack. It added that such pricing changes made complex attacks easier to repeat at scale across connected financial networks.

A survey included 40 chief information officers from the Indian BFSI sector, the report said. It found 43 per cent of Indian CISOs say attackers are already outpacing their defences. Yet only 19 per cent have increased cyber budgets by more than 10 per cent. The report said this mismatch left many institutions exposed.

Terming AI only as an accelerant, it said foundational cyber resilience in Indian BFSI is finding it difficult to keep pace with the digital scale of operation. To be truly ready, every BFSI institution must now simultaneously curb AI -powered attacks, deploy AI for defense, and secure its own AI systems as one unified effort, it said.

With inputs from PTI