Personal Finance

AI-Enabled Cyber Threats Seen As Biggest Risk In The Next 12 Months: RBI

The financial institutions in India are largely dependent on third parties for cybersecurity-related functions, and a single incident affecting a single service provider could propagate to affect multiple financial institutions. There is a need to increase IT-related expenditure and cybersecurity awareness at the employee level to keep the financial system safeguarded against cyberattacks

AI
AI-led cyber threats are the top perceived risks by Banks and NBFCs Photo: AI
info_icon
Summary

Summary of this article

  • RBI survey finds AI-enabled cyber threats are perceived as the biggest cyber risk over the next 12 months by Indian financial institutions.

  • Banks are heavily dependent on third-party vendors for cybersecurity functions, which can create supply-chain risk.

  • The report calls for higher IT spending, stronger employee awareness, and better forensic preparedness.

The Reserve Bank of India’s (RBI) Financial Stability Report for June 2026 shows that while the banking system overall is supported by an improvement in the Banking Stability Indicator across almost all dimensions, cybersecurity risk is emerging as a primary threat to system stability. In today’s time, where around 79 per cent of customer transactions are done digitally, the interconnected nature of the digital financial system has expanded the area for malicious cyber attackers.

According to the report, while institutions are currently viewing risks as manageable, the fast pace of change in technology demands unprecedented vigilance.

AI-Enabled Cyber Threats

The survey found that artificial intelligence (AI-enabled) cyberattacks are seen as the “leading perceived risk” in the near-term (over the next 12 months) challenge for Indian Financial institutions. The AI technology is advancing with drastically increasing sophistication, speed, and scale of cyber attacks.  

According to the survey, most respondents currently find themselves in the ‘developing’ or ‘intermediate’ stages of AI threat preparedness. Only a small fraction reported a ‘mature’ stage of preparedness against AI-led threats.  

The report highlights that this indicates that banks are aware of the risks, but their framework is still evolving to meet the rapid pace of AI innovation. This makes continuous regulatory guidance essential across sectors to strengthen detection and preparedness.

Most Perceived Cyber Risks Over The Next 12 Months

info_icon

Third-Party Reliance

The report also underscores heavy reliance on external vendors for cybersecurity-related functions. Around 93 per cent of respondents reported being partially or substantially dependent on third parties for essential tasks, such as security operations centre (SOC) monitoring, cloud security, and threat intelligence. This points out a supply claim risk that is concentrated, and an incident affecting a single service provider could propagate to affect multiple financial institutions.

Yet, three-fourths of respondents admit their moderate or high operational dependence on these technology providers for critical security applications. This poses a risk to financial stability.    

Investment Trends In Cybersecurity

To prepare against cyber threats, financial institutions are increasing their defensive investments. According to the report, 67 per cent of surveyed entities reported an increase in IT and cybersecurity staffing between March 2025 and March 2026. Around 71 per cent of respondents have increased their cybersecurity allocation within the overall IT budget over the last three years.

However, it can further be increased, considering that 81 per cent of the institutions reported less than 5 per cent of their total revenue for IT expenditures in 2025-26. The report suggests that international benchmarks should serve as the yardstick for future technology budgeting.

The Human Entry Point

The report also highlights a positive point. According to the report, Indian institutions are managing technology life-cycle risks. Around 93 per cent of the respondents reported having had low to no exposure in their critical services or applications across risk categories, such as systems awaiting major upgrades, systems not receiving vendor security patches, or unsupported systems. This shows a strong foundation for operational resilience.

But the report warns that many a time, it is human behaviour that paves the way for cyberattacks. While board-level awareness has increased, employee-level awareness needs to be increased through training.

The report emphasises that forensic preparedness must be improved so that digital evidence is preserved for investigations if a breach occurs. It highlights that amid looming geopolitical tensions, 42 per cent of the respondents find that global uncertainty has increased the likelihood of cyberattacks.  

Published At:
CLOSE