Digital Threat Report 2025–26
 
  • Mobile Menu
HOME BUY MAGAZINEnew course icon
LOG IN SIGN UP

Sign-Up IcanDon't Have an Account?


SIGN UP

 

Login Icon

Have an Account?


LOG IN
 

or
By clicking on Register, you are agreeing to our Terms & Conditions.
 
 
 

or
 
 




Digital Threat Report 2025–26

Mon 13 Jul, 2026

The Ministry of Electronics and Information Technology (MeitY), in collaboration with the Indian Computer Emergency Response Team (CERT-In), Computer Security Incident Response Team in Finance (CSIRT-Fin) and SISA, released the second edition of the Digital Threat Report 2025–26 for the Banking, Financial Services and Insurance (BFSI) and digital payments ecosystem.

 

Key Highlights

Objective

The report provides:

  • A comprehensive assessment of emerging cyber threats in the BFSI sector.
  • Actionable recommendations for financial institutions, regulators, and cybersecurity leaders.
  • An 18-month strategic roadmap to enhance cyber resilience.

 

Major Findings

1. Cyber Threats are Evolving Rapidly

  • Six out of the seven cyber threat predictions made in the previous report have already become reality.
  • The gap between the emergence and exploitation of cyber threats has shrunk from years to months or even weeks.

 

2. AI is Changing the Cybersecurity Landscape

The report identifies Artificial Intelligence (AI) asymmetry as one of the biggest emerging risks.

AI enables cybercriminals to:

  • Launch sophisticated attacks faster.
  • Automate phishing and malware.
  • Conduct credential theft.
  • Exploit cloud infrastructure with minimal resources.

As a result, offensive cyber capabilities are growing faster than defensive and regulatory mechanisms.

 

3. Shift in Nature of Cyber Attacks

Traditional hacking methods are being replaced by attacks that appear legitimate.

Common attack methods include:

  • Social Engineering
  • Credential Theft
  • Supply Chain Attacks
  • Cloud Exploitation
  • AI-driven Fraud

These attacks often resemble:

  • Genuine user sessions
  • Approved digital payments
  • Legitimate workflows

making them difficult to detect.

 

4. Anatomy of Cyber Failure Framework

A major feature of this edition is the introduction of the:

"4-Layer Gap Archetype Framework"

The framework helps institutions:

  • Identify systemic weaknesses.
  • Understand how cyber breaches escalate.
  • Prioritize cybersecurity investments.
    • Build stronger security architecture.

 

5. 18-Month Roadmap

The report recommends:

  • Strengthening foundational cyber controls.
  • Continuous risk assessment.
  • Real-time monitoring.
  • Improved information sharing.
  • Coordinated incident response.
  • AI-enabled cyber defence.

 

About CERT-In

Full Name Indian Computer Emergency Response Team
Parent Ministry Ministry of Electronics & Information Technology (MeitY)
Established 2004
Legal Status Designated under the Information Technology (Amendment) Act, 2008
Headquarters New Delhi
Role National nodal agency for responding to cyber security incidents

Functions

  • Collection and analysis of cyber incident data.
  • Issuing cyber alerts.
  • Incident response coordination.
  • Publishing security advisories.
  • Vulnerability assessment.
  • Cybersecurity awareness.

 

About CSIRT-Fin

Full Form

Computer Security Incident Response Team in Finance

Role

Sector-specific cybersecurity agency for India's financial sector.

Functions

  • Cyber incident prevention.
  • Threat intelligence.
  • Incident response.
  • Coordination among:
    • Banks
    • Insurance companies
    • Securities markets
    • Pension funds
    • Issuing sector-specific cybersecurity advisories.

 

About SISA

  • Global cybersecurity company specializing in the payments ecosystem.
  • Operates in 40+ countries.
  • Secures more than 1,000 organizations worldwide.
  • Focus areas:
    • AI Security
    • Payment Security
    • Digital Forensics
    • Incident Response

 

Significance for India

  • Strengthens cybersecurity in India's rapidly growing Digital Public Infrastructure (DPI).
  • Protects the BFSI sector, which forms the backbone of the digital economy.
  • Enhances resilience against AI-powered cyber threats.
  • Supports secure digital payments under initiatives such as Digital India and UPI.
  • Improves coordination among regulators, financial institutions, and cybersecurity agencies.

 

Challenges

  • Increasing use of AI by cybercriminals.
  • Sophisticated phishing and social engineering attacks.
  • Supply chain vulnerabilities.
  • Cloud security risks.
  • Shortage of skilled cybersecurity professionals.
  • Rapidly evolving threat landscape.

 

Way Forward

  • Adopt Zero Trust Architecture.
  • Increase AI-driven cyber defence mechanisms.
  • Strengthen cyber threat intelligence sharing.
  • Conduct regular cybersecurity audits.
  • Enhance public-private collaboration.
  • Build cyber awareness among financial institutions and customers.
  • Implement continuous monitoring instead of periodic security assessments.

 

Latest Courses