India’s banking, financial services, and insurance (BFSI) industry is experiencing cyberattacks at a rate that is 1. 6 times the global average, even though the number of incidents has more than doubled in the last four years.

According to a combined report by Boston Consulting Group (BCG) and the Data Security Council of India (DSCI), there were 2. 9 million cyber incidents in the Indian BFSI industry in 2025, up from 1. 4 million in 2021.

It found that the average period to contain a breach in India is 263 days and rising, indicating growing difficulties in cyber response and recovery.

Due to the fact that quick digitization and close system links have raised their risk profile to that of bigger players without the necessary levels of cyber investment, mid-sized financial institutions are at a higher risk.

According to the study, the Indian BFSI market is undergoing a structural change in which traditional cybersecurity approaches are insufficient to counter quickly developing AI-driven threats.

It went on to state that institutions must now concurrently protect against AI-powered attacks, deploy AI for cybersecurity, and secure their own AI systems, calling this a synchronous security challenge.

The report’s lead author, Nisha Bachani, Managing Director and Partner at Boston Consulting Group, stated that AI has changed the economics of cyber risk by shortening the window of opportunity for assaults and lowering the expense of starting complex threats.

Still, she says, remediation and defense strategies are falling behind.

For medium-tier companies, where risks are great but investments are still restricted, she said that the difference between attack speed and response capability is the greatest.

The CEO of DSCI, Vinayak Godse, stated that frontier AI is speeding up the confluence of digital scale, cyber risk, and business resiliency in the BFSI sector.

He said that the financial system’s ability to gain trust and competitiveness in the future would depend on its capacity to protect AI-powered operations.

According to the report, 83% of CISOs are now integrating AI into their cyber operations, while 76% rate AI-enabled attacks as one of their main cyber priorities for 2026.

It also stated that an increasing percentage of companies are starting to use independent or agentic security systems, with 71% of organizations achieving AI-assisted maturity in security operations centers.

It pointed out that while India’s regulatory participation has aided in the development of robust cybersecurity baselines, the following stage will demand a move away from control-heavy frameworks and toward a synchronous resilience model across the business, risk, legal, and technology departments.

The report also advocated closer cooperation between regulators and institutions in order to improve third-party risk management frameworks and threat intelligence sharing.