Home / Business and Economy / RBI Warns: AI Cyberattacks Top India's Risk List
RBI Warns: AI Cyberattacks Top India's Risk List
30 Jun
Summary
- AI cyberattacks identified as the foremost near-term risk for India's financial system.
- Third-party tech dependence and geopolitical uncertainty amplify financial vulnerabilities.
- Institutions are boosting cybersecurity spending but need better employee awareness.

Artificial intelligence-enabled cyberattacks have emerged as the paramount near-term risk to India's financial system. Banks and non-banking finance companies (NBFCs) have identified these sophisticated threats as their primary concern over the next twelve months, as detailed in the Reserve Bank of India's (RBI) recent Financial Stability Report (FSR).
The RBI's findings indicate that rapid digitalization has expanded the attack surface for malicious actors. While institutions are integrating AI-related risks into their cybersecurity frameworks, preparedness levels remain inconsistent, with most entities classifying their readiness as developing or intermediate.
Beyond AI threats, the RBI highlighted rising dependence on third-party technology providers as a significant vulnerability. A cyber incident affecting a major service provider could rapidly propagate across multiple regulated entities, amplifying operational disruptions and posing broader financial stability risks.
Geopolitical developments are also contributing to increased cyber concerns, with many institutions reporting that uncertainty has heightened the likelihood of cyberattacks. This underscores the need for continuous investment in technological and cybersecurity capabilities, including enhanced threat monitoring, incident response, and employee awareness training.
While financial institutions reported increased IT and cybersecurity workforce numbers and spending between March 2025 and March 2026, the RBI emphasized that employee awareness and forensic preparedness require further strengthening. Human error continues to be a primary entry point for cyberattacks, necessitating robust training and improved incident response mechanisms.