AI Cyberattacks Now Top Risk for Indian Financial Sector
The Reserve Bank of India (RBI) has identified artificial intelligence-enabled cyber threats as the single biggest risk facing the country's banking and financial sector, according to its June 2026 Financial Stability Report (FSR) released on Tuesday.
In a survey of 33 scheduled commercial banks and 10 upper-layer non-banking financial companies (NBFCs), respondents ranked AI-powered cyberattacks above ransomware, phishing, malware, and third-party supply chain vulnerabilities as the most significant threat they expect to face over the next 12 months. The finding marks a decisive shift in how India's financial institutions view their threat landscape — away from traditional attack methods and toward a future where AI itself is the weapon of choice for malicious actors. The warning comes as India grapples with its sovereign AI ambitions amid growing concerns over infrastructure, governance, and trust gaps in the technology ecosystem.
What the RBI Survey Reveals
The RBI's survey found that AI-enabled cyber threats "emerged as the leading perceived risk over the next 12 months," with the central bank noting that rapid advances in AI "can increase the sophistication, speed and scale of cyber incidents." The report warns that emerging frontier AI models have significant implications for the resilience of both information technology (IT) and operational technology (OT) systems across India's financial sector.
While 98 percent of surveyed entities rated their present cyber risk as very low to moderate, and most reported that incidents during 2025-26 caused minimal disruption contained within 24 hours, nearly one-third said their perceived cyber risk had moderately or significantly increased compared to a year earlier. This suggests institutions are managing today's threats but remain uncertain about tomorrow's.
Most respondents classified themselves in the 'Developing' or 'Intermediate' stages of AI-enabled threat preparedness. Only a small proportion described their AI cyber readiness as 'Mature,' indicating that the sector has significant ground to cover.
Why AI Changes the Cybersecurity Equation
The RBI's report frames cyber risk as a core financial stability issue, not merely an IT department concern. Cyber incidents can disrupt critical infrastructure through service outages, data loss, and payment system interruptions, while eroding public trust in the banking system. As India's financial ecosystem becomes increasingly digital and interconnected, the attack surface available to malicious actors continues to expand.
Of the institutions surveyed, 79 percent reported that more than three-fourths of their customer transactions now happen digitally. That level of digital dependence means any disruption, however brief, has the potential to cascade across millions of customers almost instantly.
Globally, cyberattacks have risen sharply since 2020, and India continues to see a relatively high volume of such attacks compared to other emerging market economies. In the sample of countries the RBI examined, India trailed only Russia and Ukraine in reported cyberattack volumes. This follows global efforts like OpenAI's Patch the Planet initiative to address AI-powered cyber vulnerabilities at scale.
Banks Are Spending More on Cyber Defences
Recognising the growing threat, Indian financial institutions have begun investing heavily in cybersecurity. The RBI reported that around 67 percent of surveyed institutions increased their IT and cybersecurity staffing between March 2025 and March 2026. Meanwhile, 71 percent reported increased cybersecurity expenditure as a share of their overall IT budgets over the past three financial years.
The central bank also flagged concentration risk as an emerging concern. If many financial institutions rely on the same AI models or cloud infrastructure providers, a failure or compromise at one provider could rapidly cascade across the system. "A major cyber incident affecting any such provider could propagate rapidly across regulated entities, amplifying operational disruptions and posing risks to financial stability," the RBI warned.
Global Regulators Shift Focus to AI Risk Management
The RBI noted that regulators worldwide are moving beyond treating AI as merely an innovation opportunity and are now developing operational frameworks to manage AI-related risks. The Financial Stability Board (FSB) has created a dedicated AI workstream in its 2026 programme. The International Organization of Securities Commissions (IOSCO) has released an AI Supervisory Toolkit covering governance, third-party risk management, and disclosures. The OECD has published guidance on how financial supervisors should oversee AI adoption across banking, insurance, and capital markets.
The Bank for International Settlements (BIS), in its Annual Economic Report 2026, separately flagged the sustainability of the global AI investment boom as a pressure point threatening financial stability, warning of opaque financing structures, rising debt, and a trillion-dollar infrastructure buildout that could trigger the next financial crisis. The RBI's report echoes this concern, noting that AI-driven asset price corrections could pose systemic risks of their own.
Financial Sector Cybersecurity Strategy Takes Shape
The RBI said an Inter-Ministerial Group under the Financial Stability and Development Council (FSDC) is developing an India-wide Financial Sector Cybersecurity Strategy (FSCSS). The strategy will address cybersecurity risks associated with AI, cloud computing, quantum technologies, third-party dependencies, and consumer protection. It aims to harmonise regulatory frameworks and establish implementation timelines across the financial sector.
Earlier this month, the RBI also released a separate advisory on AI-Accelerated Cyber Threats and Related Safeguards (AI-ACT&RS), pushing banks and NBFCs to strengthen governance around how AI models are adopted, integrated, and sourced. The advisory mandates AI-specific threat controls, performance monitoring, and logging and forensic readiness.
On the positive side, the FSR confirmed that India's banking system remains resilient. Gross non-performing assets (NPAs) have hit a multi-decade low of 1.8 percent, and capital buffers remain strong. However, the RBI cautioned that sustained investment in cybersecurity infrastructure will be essential to maintain stability as AI-driven threats continue to evolve.
Sources
- Business Standard — AI-driven cyberattacks emerge as top risk for banks and NBFCs, says RBI
- India Today — RBI's latest worry isn't inflation. It's artificial intelligence
- ET BFSI — AI-enabled cyber threats top cybersecurity risk for India's financial sector: RBI Report
- The Cyber Express — AI Cyber Attacks Top Threat To Indian Banks: RBI
- Mint — AI-led cyber threats top risk for lenders over next 12 months, finds RBI survey
- KPMG — RBI advisory on AI-Accelerated Cyber Threats and Related Safeguards


