new delhi
The government on Monday stressed the need to build domestic capabilities in artificial intelligence and cybersecurity, with IT secretary S. Krishnan saying India has “no other option” but to strengthen domestic capabilities as cyber threats grow in size and sophistication.
Mr. Krishnan said rapid digitization has significantly improved the ease of living, ease of doing business, and economic efficiency, but has also exposed businesses and individuals to evolving cyber risks.
“A key area where we need to act is to make sure that what is the infrastructure and capacity that we build as a country in the AI space, both in terms of models, data, how we use this and how this infrastructure can support ourselves, and the important thing here is to build domestic capacity,” Krishnan said.
Mr. Krishnan emphasized that cybersecurity is one of the most important concerns to prioritize in order to maintain the benefits gained from digitalization.
He also released the second edition of the Banking, Financial Services and Insurance (BFSI) and Payments Ecosystem Digital Threat Report 2025-26. This report provides financial institutions, regulators, and cybersecurity leaders with an executive assessment of the threats reshaping banking, financial services, insurance, and digital payments.
“In today’s world, we all understand that cybersecurity is one of the most important concerns that must be addressed if we want to maintain all the benefits that can be gained from digitalization,” Krishnan said.
He pointed out that cyber threats now span multiple levels, from cybercrime that targets individuals through financial and reputational loss, to ransomware attacks on organizations, and cyberwarfare that can weaken governments and national infrastructure.
He said artificial intelligence (AI) will enable malicious attackers to launch more sophisticated attacks, while providing defenders with advanced tools to detect and respond to threats more quickly.
Krishnan called for continued vigilance, saying cybersecurity should be treated as an “enterprise-wide systemic risk” and integrated into a broader digital governance framework that includes AI governance alongside privacy and operational resilience.
He also emphasized the need to strengthen identity and access management, build resilient software and hardware systems, and ensure business continuity in the face of cyber threats.
On AI, Krishnan said India needs to develop domestic capabilities across models, data and computing infrastructure.
“In this particular area, we have no choice but to build domestic capacity,” Krishnan said, adding that strengthening indigenous technological capabilities is important to protect the country’s digital ecosystem and reduce strategic vulnerabilities.
The report, released by Ministry of Electronics and Information Technology (MeitY) along with Computer Emergency Response Team of India (CERT-In), Finance Sector Computer Security Incident Response Team (CSIRT-Fin), and SISA, is based on extensive digital forensics and incident response (DFIR) research, analysis aligned with CERT-In and CSIRT-Fin observations, and adversarial AI research.
Its central finding is that six of the seven forward-looking predictions made in last year’s edition have already reached full realization. This means that the time between the emergence of a threat and its operational exploitation is often reduced from years to months or even weeks.
Threats that were once considered emerging or ephemeral, such as social engineering, credential theft, supply chain compromise, and cloud exploitation, are now established attack techniques. The result is a threat environment in which the most harmful attacks bear no resemblance to traditional intrusions. These can surface as legitimate sessions, authorized payments, manipulated workflows, or normal user behavior that cannot be distinguished from genuine activity until the damage is done.
“The distance between innovation and exploitation has narrowed dramatically, and this single change will change everything about how our industry protects itself,” said Darshan Shantamurthy, founder and CEO of SISA.
The report identifies AI asymmetry as one of the critical risks facing financial institutions. Activities that once required specialized teams, significant resources, and weeks of effort are now being performed at “machine speed” by attackers with relatively few resources. This puts the attack capability on a faster development curve than many of the defense and regulatory mechanisms designed to contain it.
The standout of this edition is Anatomy of a Cyber Failure, a four-layer gap archetype framework that reconstructs, end-to-end, how modern breaches actually occur. Viewed through this lens, we see that a breach is rarely a one-time event, but rather a series of compound weaknesses. This allows organizations to identify recurring patterns, prioritize systemic risks, and direct investments to gaps with the greatest potential impact.
For industry and institutions, this report identifies changes that could reshape the sector and provides an 18-month roadmap to move from strengthening basic controls to continuing to build capabilities and, ultimately, building a more resilient security architecture.
read more: Assam: Badruddin Ajmal supports anti-drug campaign
“As India’s financial ecosystem becomes more interconnected, real-time and technology-driven, cyber resilience needs to be treated as a shared responsibility across institutions, regulators and the broader digital supply chain,” said Sanjay Bahl, Executive Director, CERT-In.
Indian Computer Emergency Response Team (CERT-In) is a national agency that responds to computer security incidents.
