Mid-Tier Entities in Indian BFSI Sector Underinvest in Security, Exposed to Cyber Threats: Report

India's Mid-Tier BFSI Entities Most Exposed to Cyberattacks, Report Warns

India's mid-tier banking, financial services, and insurance (BFSI) entities have aggressively digitized their operations but invested less in cybersecurity, making them the most exposed to cyberattacks, according to a report released on Thursday. The report, jointly conducted by the Nasscom-founded Data Security Council of India and BCG, a consultant, highlights the vulnerabilities of mid-size private banks, small finance banks, non-banking financial companies (NBFCs), and urban cooperative banks.

The report notes that Indian BFSI entities are spending less on cybersecurity compared to their global peers, despite facing a higher incidence of cyberattacks. In 2025, the number of cyber attacks per organization in India stood at 1.6 times the global average of 1 time. Furthermore, only 38% of BFSI companies in India invest over 10% of their IT spends on cybersecurity, compared to 76% globally.

The report warns that the emergence of frontier AI models like Mythos is rewriting the economics of offense, making it easier and cheaper for attackers to launch cyberattacks. In fact, it now takes just $80 to mount a full enterprise network attack. Cyber incidents have more than doubled in four years to 2.9 million in 2025, with breach costs rising 7% to $2.5 million in the same year.

Read also: FirstClub Secures $55 Million in Funding from Peak XV, Sofina, and Other Investors 9 Months After $22 Million Series A Round

The attackers are also gaining an upper hand, with the time to exploit going down by 94% to 44 days, compared to 745 days earlier. The cost of an attack has also decreased by 70%. A survey of 40 chief information officers from the Indian BFSI sector found that 43% of Indian CISOs believe that attackers are already outpacing their defenses, but only 19% have increased cyber budgets by more than 10%.

The report concludes that foundational cyber resilience in Indian BFSI is struggling to keep pace with the digital scale of operation. To be truly ready, every BFSI institution must now simultaneously curb AI-powered attacks, deploy AI for defense, and secure its own AI systems as one unified effort.