Mid-tier entities in Indian BFSI under-invested in security, most exposed to cyberattacks: Report

Mumbai: The mid-tier of India’s banking, financial services and insurance (BFSI) entities have digitised aggressively but invested less in cybersecurity, making them the most exposed to cyberattacks, a report said on Thursday.

This includes mid-size private banks, small finance banks, NBFCs, urban cooperative banks, the report by the Nasscom-founded and BCG, a consultant, said.

Also read:

“The mid-tier Indian BFSI sits in the most exposed position: they have digitised aggressively, are deeply interconnected, but their cyber investments are much smaller than larger players,” the report said.

It said that Indian BFSI entities are spending less than global peers on cybersecurity despite facing higher incidents of cyberattacks and warned that the emergence of frontier AI models like Mythos is rewriting the economics of offence.

The cyber attacks per organisation stood at 1.6 times in India in 2025 as against 1 time globally the report said.

However, the percentage of BFSI companies which invest over 10 per cent of their IT spends on cybersecurity stood at 38 per cent in India as against 76 per cent globally, the report said.

Amid heightened concerns about vulnerabilities posed by frontier models like Mythos, the report said it now takes just USD 80 to mount a full enterprise network attack.

Cyber incidents have more than doubled in four years to 2.9 million in 2025 as against 1.4 million in 2021, and the breach costs rose 7 per cent to USD 2.5 million in 2025.

Also read:

The biggest gains are on the attackers’ side, with time to exploit going down by 94 per cent to 44 days as against the earlier 745 days, while the cost of an attack is down by 70 per cent.

Worryingly, a survey of 40 chief information officers from the Indian BFSI sector found that 43 per cent of Indian CISOs say attackers are already outpacing their defences, but only 19 per cent have increased cyber budgets by more than 10 per cent.

Terming AI only as an accelerant, it said foundational in Indian BFSI is finding it difficult to keep pace with the digital scale of operation.

“To be truly ready, every BFSI institution must now simultaneously curb AI -powered attacks, deploy AI for defense, and secure its own AI systems as one unified effort,” it said.