Read the full story
Source: The Hindu BusinessLine

AI-enabled cyber threats emerged as the leading perceived risk over the next 12 months: RBI survey
The RBI Financial Stability Report warns that AI-based cyberattacks are now a major risk for Indian lenders. Experts are worried that hackers can now use smart technology to attack banks faster.
The Reserve Bank of India (RBI) has released its latest Financial Stability Report (FSR), highlighting AI-enabled cyber threats as the top risk for the next year. As banks move toward digital platforms, the risk of sophisticated attacks has increased significantly. The report warns that India currently ranks third globally in cyberattack volumes, following only Russia and Ukraine, placing a heavy burden on Indian financial institutions to protect customer money.
The RBI surveyed 33 Scheduled Commercial Banks and 10 large Non-Banking Financial Companies (NBFCs) to understand their readiness. The findings show that rapid advances in Artificial Intelligence (AI) allow hackers to launch incidents with greater speed and scale. About 42 percent of the institutions surveyed believe that global political tensions have further increased the chances of these attacks happening snartly.
According to the survey, many Indian banks are still in the 'Developing' or 'Intermediate' stages of preparing for AI threats. Only a small number of lenders feel they are in the 'Mature' stage. This means most banks are still building the tools needed to detect and stop smart viruses or hacking attempts that use machine learning (AI systems that learn from data).
Another big concern is 'Third-party dependency.' Around 93 percent of banks rely on outside vendors for important jobs like Cloud Security and Incident Response (actions taken to stop a live hack). The RBI warned that if one major tech provider gets hacked, it could cause a chain reaction that breaks the systems of many banks at the same time. This is known as supply chain risk.
On a positive note, Indian banks are doing well at managing 'technology obsolescence' (using old, outdated software). About 93 percent of respondents said they have very little exposure to old systems that no longer get security updates. This shows that Indian bankers are actively replacing old computers and software to keep their systems strong and resilient.
Money spent on technology is also changing. For the 2025-26 period, 81 percent of banks said their IT spend is less than 5 percent of their total revenue. However, 71 percent of banks have increased their specific spending on cybersecurity over the last three years. This shows that even if total IT budgets are tight, protecting the bank from hackers is becoming the top priority for management.
Staffing is also expected to improve. Around 67 percent of banks plan to hire more IT and cybersecurity staff between March 2025 and March 2026. For bank officers, this means a greater focus on digital literacy and following strict security protocols. The RBI emphasized that employee awareness is just as important as having fancy software to prevent data loss or payment system failures.
Looking ahead, the RBI expects more 'regulatory harmonisation' (making the rules similar for all banks) to ensure everyone follows the same high standards. Bankers should watch for new guidelines on AI usage and vendor management. Staying alert to phishing and social engineering will remain a daily task for every bank official to maintain public trust in the Indian banking system.
