The Rise of AI-Powered Cyberattacks: Is India’s BFSI Sector Ready?

For those of us who’ve tracked the ever-shifting landscape of cybersecurity, the narrative has always been one of escalating threats met with evolving defenses. But today, a new, more intelligent predator stalks the digital realm: AI-powered cyberattacks. And in India, where the Banking, Financial Services, and Insurance (BFSI) sector forms the bedrock of our economy and holds the keys to vast troves of sensitive data, the question isn’t if these attacks are coming, but whether we’re truly prepared for them.

The short answer, gleaned from recent reports and ground realities, is a nuanced one: the sector is awakening, but the race is on.

The Escalating Threat of Adversarial AI

The digital transformation across India’s BFSI landscape has been nothing short of phenomenal. Yet, this rapid digitization, while boosting convenience and reach, has simultaneously opened gates for a wider playing field for cybercriminals. What makes the current wave particularly menacing is the application of Artificial Intelligence by these malicious actors. We’re talking about threats that learn, adapt, and personalize their attacks, rendering traditional defenses increasingly obsolete.

Consider phishing, the old faithful of cybercrime. Once riddled with tells like poor grammar or awkward phrasing, AI has transformed it into a precision weapon. The first half of 2024 alone saw a staggering 175% surge in phishing attacks targeting the Indian financial sector compared to the previous year, highlighting an “increasingly volatile” threat landscape. AI-driven tools can now craft emails and messages so convincing and contextually relevant, that they mimic legitimate communications with pin-point accuracy, often by scraping data from social media and other public sources.

Even more disturbing is the rise of deepfakes. India has experienced a 550% increase in deepfake identity fraud since 2019, with projected losses reaching a staggering INR 700 billion (US$8.3 billion) in 2024. These aren’t just entertainment curiosities, they are potent tools for executive-level Business Email Compromise (BEC) attacks and sophisticated misinformation campaigns that erode digital trust.

The financial toll is equally stark. The average cost of a data breach in India hit US$2.35 million in 2024, a 7.8% year-over-year increase. For financial institutions specifically, that figure climbs to a hefty US$6.08 million, making it one of the costliest sectors for breaches globally.

India’s Vulnerability and the Regulatory Push

According to Cyble’s Threat Landscape Report, India now ranks among the most targeted nations globally for cyber threats, particularly vulnerable to email and malware-based attacks. The report points to cybercriminals leveraging emerging technologies like AI to intensify their campaigns.

Recognizing the gravity of the situation, the Reserve Bank of India (RBI) has stepped up its oversight. In its recent bi-annual Financial Stability Report (FSR), the RBI explicitly urged financial institutions to embrace “AI-aware defence strategies” alongside risk-based supervision and zero-trust frameworks. This signals a clear shift from reactive compliance to proactive, intelligent defense.

Furthermore, the RBI has mandated that banks adopt the Department of Telecommunications’ Financial Fraud Risk Indicator (FRI) technology, which uses AI and machine learning for real-time fraud detection, integrating telecom intelligence directly into banking workflows for a “proactive fraud shield”.

The Double-Edged Sword: AI in Defense

It’s not all doom and gloom. The BFSI sector is also leveraging AI as a powerful defensive weapon. Financial institutions extensively utilizing AI in their security protocols have reported significantly lower data breach costs (average US$1.76 million less) and notably faster detection and containment times (108 days quicker) compared to those not using AI.

AI-driven solutions are enhancing threat detection and analysis, automated incident response, and predictive threat intelligence that helps in anticipating future attacks by analyzing historical data and emerging patterns.

However, the path isn’t without its potholes. Many traditional banks grapple with legacy systems that hinder the seamless integration of cutting-edge AI defenses, creating new vulnerabilities. Common weaknesses like misconfigured cloud environments, insufficient security controls, lack of multi-factor authentication (MFA), and delayed security patches continue to be exploited by attackers.

Vigilance is Key

India’s BFSI sector is at a critical juncture. The rise of AI-powered cyberattacks demands a radical rethink of cybersecurity strategies. It’s no longer enough to react; institutions must anticipate, predict, and automate their defenses. This involves several protective actions: aggressive AI adoption for defense, strengthening foundational security, and among others, adherence to RBI directives.

Ankit Sharma, Senior Director and Head – Solutions Engineering, Cyble, is a Seasoned Techno-commercial professional, having refined skill set & relevant experience in driving both Topline & Bottomline growth. Domain expertise in the field of Program Delivery Management, and Technical Sales & Key Account Management. Ankit is a highly skilled Data security & Privacy professional who specializes in Data Privacy (Global Privacy law/regulations/standards & Privacy Information management Systems), Data Governance, Compliance Management & Cloud Security. Currently Heading Solution Engineering for Cyble Inc., managing the global team of some brilliant solutions engineers and architects, which also act as a bridge between the Clients and back-end teams.

He previously worked as a Lead- Global Service delivery & Lead Consultant- Data Governance & Privacy at Provise Consulting (Baker Tilly GCE). In this capacity, he delivered 100+ big ticket projects for diverse businesses ranging from Telecom to Real Estate, predominantly in Middle East, India, Southeast Asia & Europe region

Before joining Provise, he was associated with Aditya Birla Group (ABG), where he was Leading- Risk & Data Privacy function for BMCSL HR Shared Service. He also worked in the Corporate Information Security team of ABG as an IS & Privacy Project Manager, where he was involved in – Information Security, Data Privacy, Business Continuity, Risk Management & Compliance for the entire ABG conglomerate at the central level with help of the team of 140 ABG CISOs. This includes the challenging task of defining the information security and privacy requirements for a global and sector diverse businesses (such as manufacturing, telecom, finance and retail)

Ankit Sharma can be reached online at [email protected] and at our company website https://cyble.com/

Absolutely! Let’s get started with the HTML rewrite for your WordPress website.

Original Text:
“Our company offers a wide range of eco-friendly products that are perfect for your sustainable lifestyle. From reusable bags to bamboo utensils, we have everything you need to reduce your carbon footprint and live more sustainably.”

Rewritten HTML: