India’s mid-tier banking, financial services and insurance (BFSI) institutions are becoming increasingly vulnerable to cyberattacks due to lower cybersecurity investments despite rapid digital expansion, according to a new industry report.
The report, released by the Data Security Council of India and consulting firm BCG, stated that mid-sized private banks, small finance banks, NBFCs and urban cooperative banks are among the most exposed entities in the sector.
“The mid-tier Indian BFSI sits in the most exposed position: they have digitised aggressively, are deeply interconnected, but their cyber investments are much smaller than larger players,” the report said.
The study revealed that cyberattacks per organization in India stood at 1.6 times in 2025 compared to the global average of 1 time.
Despite facing higher cyber risks, Indian BFSI firms are spending less on cybersecurity than global peers. Only 38% of Indian BFSI companies allocate more than 10% of their IT budgets toward cybersecurity, compared to 76% globally.
The report also warned that advanced AI models such as Mythos are changing the economics of cyberattacks. According to the findings, it now costs just USD 80 to launch a full enterprise network attack.
Cyber incidents in the sector have more than doubled over the last 4 years, rising from 1.4 million in 2021 to 2.9 million in 2025. At the same time, breach costs increased by 7% to USD 2.5 million in 2025.
The report highlighted that attackers are gaining a significant advantage, with the average time required to exploit systems falling by 94%, from 745 days to just 44 days. The overall cost of carrying out attacks has also dropped by 70%.
A survey involving 40 chief information officers from India’s BFSI sector found that 43% of CISOs believe attackers are already outperforming existing defenses. However, only 19% reported increasing cybersecurity budgets by more than 10%.
“To be truly ready, every BFSI institution must now simultaneously curb AI-powered attacks, deploy AI for defense, and secure its own AI systems as one unified effort,” the report stated.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.