
AI-Driven Cyberattacks Push BFSI to the Brink
NEW DELHI, India, 7 April 2025 – The cybersecurity picture in India's financial sector has become critical. The recently published Digital Threat Report 2024, a joint effort by CERT-In, CSIRT-FIN and the cybersecurity company SISA, reveals a sobering reality: cybercriminals are evolving faster than the protections designed to stop them. And the banking, financial services and insurance (BFSI) sector remains on the front line.
According to the report, the first half of 2024 saw an astonishing 175% increase in phishing attacks compared to the same period in 2023. With the global average cost of a data breach now at $4.88 million, and $2.18 million in India, the implications for organizations that do not adapt are stark. But what is more worrying is how attack methods are evolving and how traditional defence strategies may no longer be sufficient.
Why is the BFSI sector so vulnerable?
In short: money and data. This combination makes the BFSI sector the ideal hunting ground for cybercriminals. Unlike other industries, BFSI institutions manage massive amounts of personally identifiable information, financial assets and payment portals, all interconnected across platforms. A single vulnerability in the system can have cascading effects throughout the digital infrastructure.
When asked why cybercriminals target BFSI at such alarming rates, the answer is accessibility and payoff. According to the report, attackers no longer need to break into a vault; they only need to exploit a careless click in a phishing email or take advantage of a poorly configured server.
“A cyber attack in a financial institution can have disastrous results… resulting in exponential losses”
said S. Krishnan, Secretary, Ministry of Electronics and Information Technology.
How do cyber criminals overcome traditional defenses?
What stands out in the 2024 report is how attackers are evading even multifactor authentication (MFA), which has long been considered a pillar of cybersecurity. Attackers are increasingly taking advantage of stolen session cookies and login credentials collected on the dark web, rendering MFA virtually useless in some scenarios.
The prevalence of business email compromise and advanced phishing campaigns is no longer speculative; it's a documented reality. And now there's a new twist: attackers are deploying deepfake tools to impersonate executives, spoof identities and deceive employees and customers.
“Most cyber security attacks occur due to phishing of emails addressed to employees. We are now conducting monthly simulation campaigns using sophisticated phishing tactics… and we have really raised the bar in terms of employee awareness.”
explained Ashwin Sekar, InCred Product and Technology Manager.
What role does AI play in attacking and defending?
This is where the stakes get even higher. Artificial intelligence is a double-edged sword: an accelerator for both innovation and intrusion. The Digital Threat Report warns that by 2025, AI-related cyber attacks will become one of the most scalable and adaptable threats facing the BFSI sector.
Attackers are already using generative AI to create hyper-personalized phishing messages and real-time voice deepfakes, and to exploit weaknesses in large language models (LLMs) through prompt hacking. It is no longer a question of whether AI will be used maliciously; it is already happening.
“We need artificial intelligence. Helping businesses grow is essential. But we also need guards.”
noted Dr. Anand Mahalingam, Vice President, Data Sciences in Digital Insurance.
He also stressed the importance of governance:
“Each model must have verification records… Once you have built this level of sophistication, people start to trust your models.”
What are the main cybersecurity weaknesses?
Despite the progress made, some persistent oversight gaps remain open doors for threat actors. These include:
- Misconfigured systems
- Over-privileged access permissions
- Unsecured third-party vendors
- Weak access control frameworks
The increased vulnerability of the supply chain is of particular concern. Open source software, widely used by BFSI companies, has become a Trojan horse. If even a single insecure line of code enters a core system, the potential damage can be catastrophic.
How are industry leaders responding?
The private sector is stepping up, but cautiously. Organizations are beginning to invest more in:
- AI-driven threat detection systems
- Zero Trust architecture models
- Regular employee training and phishing simulations
- Comprehensive access audits and governance reviews
And there is growing recognition that cybersecurity is not just a technological problem; it is a cultural one.
“It is very easy to fall into the trap of thinking technology is a silver bullet, it is never. You must marry technology with people and the right processes”
Sekar added.
How do regulations and compliance shape the landscape?
According to the Digital Threat Report, regulation is shifting from rigid checkbox exercises to dynamic tools for strategic advantage. The focus is on compliance as a growth driver, particularly with regard to the transparency and fairness of AI data.
Yogesh Agarwal, founder and CEO of insurance, is concerned about the use of AI in insurance and lending:
“When a decision is made, what parameter was made? Was the data correct and in the client’s interest? We need to create an audit trail for the decision-making framework.”
With AI now influencing everything from credit assessments to product design, regulators face a key question:
Will AI be allowed to operate independently as part of BFSI's critical functions, or will human oversight remain mandatory?
How can organizations build resilience going forward?
The Digital Threat Report 2024 not only describes the problems but also provides a roadmap. The main recommendations are as follows:
- Strengthening vendor risk management frameworks
- Regularly updating and testing incident response plans
- Implementing AI governance protocols with audit trails
- Enhancing customer communication to build trust in digital services
- Investing in continuous employee training, not just once-a-year drills
Organizations are urged to see compliance not as an obligation, but as a strategic differentiator. Transparency and accountability in the use of AI will be key pillars going forward.
And in a country like India, where the push for financial inclusion is strong, the integration of secure and reliable digital platforms is essential to reach the underprivileged. Dr. Mahalingam summed it up best:
“In a country like India, we must provide these services to the masses. Technology is the only way to climb.”
However, an unsecured ladder is a ticking time bomb. And 2024 may well be remembered as the year that lesson became impossible to ignore.