SYLLABUS

GS-3: Basics of cyber security; role of social networking sites in internal security challenges.

Context: The Ministry of Electronics and Information Technology (MeitY), along with CERT-In, CSIRT-Fin and SISA, released the 2nd edition of the Digital Threat Report 2025–26 for India’s Banking, Financial Services and Insurance (BFSI) and digital payments ecosystem.

About the Report

  • Released by MeitY, CERT-In, CSIRT-Fin and SISA for the BFSI and digital payments ecosystem.
  • Provides an executive assessment of the evolving cyber threat landscape for financial institutions, regulators and cybersecurity leaders.
  • Based on Digital Forensics and Incident Response (DFIR) research, CERT-In & CSIRT-Fin observations, and research on adversarial Artificial Intelligence (AI).
  • Introduces the “Anatomy of Cyber Failure”, a 4-Layer Gap Archetype Framework explaining how modern cyber breaches occur through systemic weaknesses.
  • Presents an 18-month roadmap to strengthen foundational controls, build continuous cyber resilience, and develop resilient security architectures.

Key Findings of the Report

  • Cyber risks have expanded: Cybersecurity risks have evolved beyond data theft and isolated breaches.
    • They now include transaction integrity, customer trust, operational continuity, third-party dependencies, AI models and confidence in digital financial infrastructure.
  • AI Asymmetry: The report identifies AI asymmetry as the defining risk.
    • Cyberattacks that earlier required specialist teams and weeks of effort can now be executed at machine speed by comparatively low-resource threat actors.
  • Predictions realised faster: Six of the seven predictions made in the previous edition have already reached full-scale realisation.
    • This shows that the time between the emergence of a threat and its operational exploitation has shrunk from years to months or even weeks.
  • Emerging threats are now mainstream: Threats such as social engineering, credential theft, supply-chain compromise, cloud exploitation, Business Email Compromise (BEC), session hijacking and deepfake-enabled fraud have become established attack methods.
  • Attacks exploit digital trust: Modern attacks increasingly appear as legitimate user sessions, authorised payments, normal workflows and trusted partner interactions.
    • This makes them difficult to distinguish from genuine activity until significant damage has occurred.
  • Systemic cyber risks: Cyber risks now extend across identity systems, AI models, real-time payment rails, cloud infrastructure, supply chains, APIs, partner platforms, machine identities and agentic AI.
    • This makes cyber resilience a shared responsibility.
  • India’s BFSI sector remains highly targeted: Cyberattacks on India’s BFSI sector are 1.6 times the global average.
    • Incidents have increased from 1.4 million (2021) to 2.9 million (2025).
  • Supply-chain compromise has become a major systemic cyber risk: A single compromised vendor can simultaneously affect multiple financial institutions.
    • Ransomware groups are also increasingly shifting from file encryption to data theft and extortion.
  • Attackers are moving faster than defenders: Zero-day exploitation windows have compressed from weeks or months to hours.
    • The average time to identify and contain a breach remains around 263 days.
  • Shift from static controls to continuous assurance: The report calls for a shift from periodic compliance-based security to continuous risk assessment, coordinated response, stronger information sharing and continuous assurance across the financial ecosystem.
  • Anatomy of Cyber Failure: The report introduces the 4-Layer Gap Archetype Framework.
    • It shows that modern cyber breaches result from a chain of Design, Enforcement, Signal and Response gaps rather than a single security lapse.

Way Forward / Recommended Priorities

  • Phishing-resistant Multi-Factor Authentication (MFA).
  • Passwordless authentication.
  • Continuous risk assessment.
  • Behavioural biometrics and continuous session assurance.
  • Stronger identity governance covering human, machine and AI identities.
  • Adversarial robustness testing before deploying AI in critical financial decisions.
  • Migration towards post-quantum cryptography.
  • Enhanced information sharing and coordinated incident response across the financial ecosystem.
Shares: