RBI Flags AI Cyberattacks As Top Financial Stability Risk
The RBI said AI-enabled cyber threats have emerged as the biggest near-term cyber risk for banks and financial institutions.
News
- RBI Flags AI Cyberattacks As Top Financial Stability Risk
- Anthropic, OpenAI Push AI Deeper Into Scientific Research
- HDFC Bank Picks Rajiv Kumar as Chairman
- Persistent’s Nagarro Bet Tests Its Growth Premium
- Maruti Suzuki Onboards Sarvam AI, Four Other Startups
- Tech Mahindra Taps Perplexity For AI Sales Push
Image Credit- Chetan Jha/ MIT Sloan Management Review India
AI-enabled cyberattacks have emerged as the biggest near-term cyber risk for India’s financial sector, the Reserve Bank of India (RBI) said in its latest Financial Stability Report, warning that banks’ growing reliance on third-party technology providers could amplify threats across the system.
The RBI said cyber risk has become “a key financial stability concern in an increasingly digital and interconnected financial system,” as digital financial services expand the attack surface for malicious actors.
“Cyber incidents can disrupt critical financial infrastructure through service outages, data loss, and payment system interruptions, while also eroding public trust in the financial system,” the report said.
The assessment is based on a survey of major banks and non-banking financial companies (NBFCs). While 79% of respondents said more than three-fourths of customer transactions are now digital, 98% rated their current cyber risk exposure as very low to moderate.
Even so, nearly one-third reported a moderate or significant increase in cyber risk over the past year.
The RBI identified AI-enabled cyber threats as the leading perceived cyber risk over the next 12 months, ahead of third-party dependency and supply-chain risks.
“Rapid advances in AI can increase the sophistication, speed and scale of cyber incidents,” the RBI said, adding that most financial institutions remain in the “developing” or “intermediate” stages of incorporating AI-related threats into their cyber risk management frameworks.
The central bank said continued strengthening of threat monitoring, detection, incident response, employee awareness and cyber resilience would remain important, adding that regulatory harmonisation across the financial sector will be crucial.
Third-party technology dependence also emerged as a significant concern. According to the survey, 93% of respondents said they were partially or substantially dependent on external vendors for cybersecurity functions such as security operations centre monitoring, cloud security, incident response, threat intelligence and vulnerability assessments. Around three-fourths also reported moderate to very high operational dependence on third-party technology providers for critical applications.
“The increasing reliance on outsourcing introduces supply chain risk, especially where a limited number of service providers support multiple financial institutions simultaneously,” the report said. “A major cyber incident affecting any such provider could propagate rapidly across regulated entities, amplifying operational disruptions and posing risks to financial stability.”
The survey also found that financial institutions continue to invest in strengthening cyber capabilities. Around 67% of respondents increased IT and cybersecurity staffing between March 2025 and March 2026, while 71% reported that cybersecurity spending as a share of overall IT expenditure has risen over the past three financial years.
Overall IT spending, however, remained relatively modest, with 81% of surveyed institutions reporting IT expenditure below 5% of revenue during 2025-26.
The RBI said Indian financial institutions have established robust practices in vulnerability assessments, penetration testing and regulatory reporting of cyber incidents. However, it identified employee cybersecurity awareness and forensic preparedness as areas requiring further improvement because human behaviour remains one of the most common entry points for cyberattacks.
Beyond cyber risks, the Financial Stability Report said India’s financial system remains resilient despite global uncertainties, supported by strong bank and non-bank balance sheets, adequate capital and liquidity buffers, and improving asset quality.
The report cautioned, however, that geopolitical tensions, volatility in oil prices, elevated global public debt and a potential correction in AI-related equity valuations remain external risks that could affect financial stability.

