Digital Threat Report 2025-26

sfg-2026
ForumIAS LATEST
  1. 09 July | Make Your UPSC Answers More Impactful with Adjectives by Ayush Sinha | Click Here to Watch →
  2. 10 July | From 6 Attempts to AIR 53: Kiran's UPSC Success Journey | Click Here to Watch →
  3. 11 July | Your Friends Reflect Your Values by Ayush Sinha | Click Here to Watch →

News: The Ministry of Electronics and Information Technology (MeitY) released the second edition of the Digital Threat Report 2025–26 for the Banking, Financial Services and Insurance (BFSI) and payments ecosystem.

About Digital Threat Report 2025-26

Digital Threat Report 2025-26
Source: Digital Threat Report 2025-26
  • The Digital Threat Report 2025-26 provides a comprehensive assessment of the cybersecurity landscape in the Banking, Financial Services and Insurance (BFSI) sector.
    • It identifies sector-wide security gaps and offers a forward-looking analysis of emerging cyber risks, equipping financial institutions with insights to prepare for current and future cyber threats.
    • It draws on extensive digital forensics and incident response (DFIR) research, analysis aligned with CERT-In and CSIRT-Fin observations, and research into adversarial AI.
  • Aim: This initiative aims to support India’s Banking, Financial Services, and Insurance (BFSI) sector in strengthening their defences and building long-term cyber resilience with the rapid digitization of financial services.
  • 2025-26 Edition: This is the second edition of the Digital Threat Report.
    • The first edition of this report was released in 2025. 
  • Released by: It has been released by the Ministry of Electronics and Information Technology (MeitY), along with the Indian Computer Emergency Response Team (CERT-In), the Computer Security Incident Response Team in Finance (CSIRT-Fin) and SISA.
  • Findings of the report:
    • Attackers are increasingly targeting trust in systems rather than just stealing data. They are exploiting biometric onboarding, partner apps, AI decision-making and real-time payments, creating new risks for the banking, financial services and insurance (BFSI) sector.
      • Financial attacks are shifting from direct system compromise to manipulating trust across biometric onboarding, partner applications, AI systems, APIs, programmable finance and third-party ecosystems.
    • Six of the seven cyber threat predictions from the previous edition of the report have already come true, showing that cyber threats are evolving faster than traditional security systems can keep up.
      • Deepfake attacks have become more advanced, using real-time executive video deepfakes, malicious large language models (LLMs) and constantly changing attack techniques.
      • Social engineering and Business Email Compromise (BEC) attacks have increased, while credential theft and session hijacking remain the main ways attackers gain access to systems.
      • Cyberattacks are now generated and launched at machine speed rather than being manually created. Phishing emails have also become highly personalised and are often difficult to distinguish from legitimate communications, making the BFSI sector the most targeted industry.
  • Recommendations
    • There is a need to make active liveness detection a standard part of digital onboarding and strengthen security with continuous session monitoring using behavioural biometrics, device posture checks and token binding for high-privilege sessions.
    • Expand identity governance beyond employees to include service accounts, machine identities and AI agents, while enabling cross-database identity verification for high-assurance account openings where legally allowed.
    • There is a need to adopt continuous security assurance, ecosystem-wide trust and a resilience-focused approach to cybersecurity.
Print Friendly and PDF
Blog
Academy
Community