If you think that your money kept in the bank is completely safe, then this report of the Government of India may increase your concern. The Digital Threat Report 2025-26 released by the country’s cyber security agency CERT-In, CSIRT-Fin and cyber security company SISA has revealed a serious picture of the cyber threats looming on the banking, financial services and insurance (BFSI) sector. The report shows that now cyber crimes have become faster, smarter and more dangerous than ever because of AI.
Cyber attacks more than doubled in 4 years
According to the report, the speed of cyber attacks in India is about 1.6 times more than the world average. About 14 lakh cyber incidents were registered in the year 2021. At the same time, by 2025 this figure will reach more than 29 lakhs. This means that cyber attacks have more than doubled in just four years. The banking and financial sector is the most targeted.
Now not humans, AI is doing cyber attacks
The biggest revelation of the report is that now cyber attacks are not relying only on humans but Artificial Intelligence itself is handling a major part of the attacks. In November 2025, the world’s first cyber espionage campaign came to light, in which 80 to 90 percent of the work was done by AI itself. About 30 big institutions were targeted in this attack, including many financial companies.
AI can find system vulnerabilities by sending thousands of requests in a matter of seconds. The report says that the work which earlier took a team of expert hackers several weeks, is now done by AI in a few minutes. This means that now even small cyber criminals can target big banks with the help of AI.

Deepfake becomes the new weapon of hackers
According to the report, deepfake has now become not just a tool for entertainment but also a major weapon of cyber crime. Hackers are making fake video calls by copying the voice and face of senior officials and getting crores of rupees transferred. A rapid increase in such cases is being seen in India and South-East Asia. Not only this, even the KYC process of banks is being cheated by creating fake identities and fake documents. Especially video KYC and online account opening system are the most targeted.
Difficult to identify phishing emails due to AI
The report says that now identifying phishing emails and messages is not as easy as before. AI is preparing such emails and messages in which there is neither any language mistake nor anything that raises suspicion. Such messages are being sent to millions of people simultaneously, due to which the risk of fraud has increased manifold.
Threat to UPI and mobile banking also increased
In the report, UPI and mobile banking fraud have been included among the most serious threats. Hackers take advantage of the weaknesses in the OTP system and send multiple transactions simultaneously and confuse the system. Actually, UPI payment is completed in real time, so many times the money has already been withdrawn before the fraud is detected. The report also shows that in many cases, companies realize after weeks or months that cyber fraud has happened to them.
It takes 263 days to detect data theft
Another shocking figure has come to light in the report. It takes an average of 263 days to detect and prevent a data breach. This means that a hacker can remain present inside a system for about 9 months and no one is even aware of it. On the other hand, as soon as a weakness in any software comes to light, hackers take advantage of it and attack within a few hours.
Safe on paper, but failed in real attack
The report has also exposed the major reality of cyber security. Many banks and companies obtain all the necessary audits and security certificates, but during a real cyber attack, the same systems fail. The report calls it the gap between Compliance and Real Security. In many cases, the companies themselves did not come to know about the breach in their systems, but were informed about it by external agencies.
If one vendor is hacked, 70 banks are in trouble.
According to the report, Supply Chain Attack can become the biggest cyber threat in the coming time. In fact, due to the hack of a single vendor in 2025, more than 70 banks and credit unions of America were affected and the data of more than 1 million customers was put at risk. After this, in April 2026, the data of two big American banks simultaneously reached the ransomware website, because both were using the same technology vendor. This means that now it is not enough just for the bank to be safe. If any of its technology partners is weak then the entire system may be in danger.
New trick of ‘steal today, study tomorrow’
The report also warns about future dangers related to quantum computing. Hackers are already stealing and storing encrypted data. At present they cannot read this data, but when powerful quantum computers are available in the future, then this data can be easily decrypted. This strategy is called ‘Harvest Now, Decrypt Later. It is being said. Actually, the data of banks is kept safe for many years, hence this threat is considered to be the most serious for the banking sector.
What suggestions for government and RBI?
Many important suggestions have been given in the report for the government, RBI and other regulators. Liveness Detection should be made mandatory during digital onboarding, so that fake accounts cannot be opened through deepfakes. Before using AI system, it should be tested like a hacker. Human approval should be necessary in major financial decisions. Instead of conducting audit only once a year, a system of continuous monitoring should be made. Apart from this, a roadmap for the next 18 months has also been suggested which includes everything from implementing Phishing-proof Multi-Factor Authentication (MFA) to preparing for Quantum-proof Encryption.
What does it mean for the common man?
The biggest message of this report is that cyber threat is no longer limited to just banks or big companies. Your UPI, mobile banking app, video KYC, online banking and digital payments are all the targets of hackers. The report clearly says that the entire financial system runs on trust and cyber criminals are now trying to break this trust. In such a situation, blindly trusting any unknown link, QR code, OTP, suspicious message or video call can prove costly. A little caution can keep your bank account and your hard-earned money safe.
Also read: Can mobile towers also be hacked? Know what is its truth