India enters next phase of governance transformation with AI-driven administrative reforms: MoS (See 'Corp Brief') IPR - If infringing use is coupled alleged fraudulent online payment & earning schemes, conduct may be treated not merely as trademark infringement and passing off, but also as phishing & cyber fraud justifying urgent intervention: HC (See 'Legal Desk') MeitY releases 2nd edition of the Digital Threat Report 2025-26 for BFSI Sector (See 'Corp Brief') On Eve of Bharat Tex 2026, India prepares to host World's Largest Global Textiles Expo (See 'Corp Brief') IPR - In vitro screening method functions as diagnostic process, which is barred from patentability u/s 3(i) of Patents Act: HC (See 'Legal Desk') 'SANKALP' to guide CPWD's Journey towards Future-Ready Organisation: Union Minister (See 'Corp Brief') Healthcare facilities worth Rs 668 Crore to benefit 53 Lakh ESI Beneficiaries (See 'Corp Brief') Chouhan gives message of Green India during dialogue with Vriksh Mitra (See 'Corp Brief') IPR - If on visual comparison, rival medicinal marks are strikingly similar in essential features, overall get up and packaging, and where trade channels and consumer base are common, likelihood of deception is sufficient to justify interim injunction: HC (See 'Legal Desk') Lakhanpur among first towns selected under PM SVANidhi 'Street Food Hub' Plan: MoS (See 'Corp Brief') Paswan hails PMFME Scheme's landmark achievement of 2 lakh Credit-Linked Beneficiaries (See 'Corp Brief') 500 officials participate in inaugural webinar on Anemia and Adolescent Health (See 'Corp Brief') IPR - Purpose of summary judgment in commercial suits is to ensure time-bound disposal and that trial is not default norm: HC (See 'Legal Desk') Ministry of Textiles to organise 'Weave The Future 4.0 - Upcycling Edition' at Dilli Haat (See 'Corp Brief') IPR - For purposes of Sec 57 of Trade Marks Act, foreign proprietor may succeed in rectification by proving that its mark had acquired actionable recognition, even without formal commercial launch or direct sales: HC (See 'Legal Desk') Nadda chairs Steering Group Meeting of Ayushman Bharat Digital Mission (See 'Corp Brief') DoP and TRAI to conduct Village-Level Telecom Network Performance Survey (See 'Corp Brief') IBC - Demand notice in Form B under Rule 7(1) of Personal Guarantor Rules is only procedural requirement prior to filing and does not amount to invocation of guarantee: NCLT (See 'Legal Desk') Department of Commerce reviews Andhra FCV Tobacco Marketing Season 2025-26 (See 'Corp Brief') Minister inaugurates Centre of Excellence on Human-Wildlife Conflict at WII-SACON (See 'Corp Brief') SARFAESI - Borrowers who fail to timely invoke MSME framework are precluded from seeking its protection at belated stage after SARFAESI proceedings have commenced: HC (See 'Legal Desk') ITADCs to emerge as one-stop growth hubs for Textile Entrepreneurs: Giriraj Singh (See 'Corp Brief') NMCG's focus on Nature Based Solutions: Initiation of two pilot projects and training programs on NbS (See 'Corp Brief') Competition Act - OP entered into anti-competitive agreements & abused its dominant position by imposing unfair & restrictive conditions on participants in its beauty pageant, in contravention of Sections 3 & 4 - D-G to probe matter: CCI (See 'Legal Desk') Tech Innovation and disruption in Construction Industry (See 'CORP EINSICHT')

MeitY releases 2nd edition of the Digital Threat Report 2025-26 for BFSI Sector

Published: Jul 14, 2026

By TIOLCorplaws News Service

NEW DELHI, JULY 14, 2026: THE Ministry of Electronics and Information Technology (MeitY), along with the Indian Computer Emergency Response Team (CERT-In), the Computer Security Incident Response Team in Finance (CSIRT-Fin) and SISA, yesterday released the second edition of the Digital Threat Report 2025-26 for the Banking, Financial Services and Insurance (BFSI) and payments ecosystem. The report provides financial institutions, regulators and cybersecurity leaders with an executive assessment of the threats reshaping banking, financial services, insurance and digital payments.

Addressing the gathering at the launch of the report, S. Krishnan, Secretary MeitY said, "As cyber threats become increasingly sophisticated, trusted partnerships between public institutions and industry are essential to strengthening digital trust. The Digital Threat Report represents a meaningful collaboration among CERT-In, CSIRT-Fin and SISA. This partnership demonstrates how expertise developed in India can contribute both to our national cyber resilience and to advancing cybersecurity knowledge globally."

The report draws on extensive digital forensics and incident response (DFIR) research, analysis aligned with CERT-In and CSIRT-Fin observations, and research into adversarial AI. Its central finding is that six of the seven forward-looking predictions made in last year's edition have already reached full-scale realization. This rapid progression demonstrates how the time between the emergence of a threat and its operational exploitation is shrinking, often from years to months or even weeks.

Threats previously considered emerging or episodic - including social engineering, credential theft, supply-chain compromise and cloud exploitation - are now established attack methods. The consequence is a threat environment where the most damaging attacks no longer resemble traditional intrusions at all. They surface as legitimate sessions, approved payments, manipulated workflows, or ordinary user behaviour that are indistinguishable from genuine activity until the damage is already done.

"The distance between innovation and exploitation has narrowed dramatically, and that single shift changes everything about how our industry must defend itself," said Dharshan Shanthamurthy, Founder & CEO of SISA. "The BFSI industry is built on trust - trust that a transaction is genuine, that the systems processing it are acting as intended, that money will move securely and irreversibly through a network of institutions that depend on one another. When that trust is weakened, the impact is never contained to a single breach or a single firm; it ripples across customers, partners, markets, and entire economies. This is why cybersecurity can no longer sit at the edge of the business as a technical control function. It has to become central to how institutions grow, innovate, and lead. Our work in forensics has taught us a simple truth: every breach leaves behind a lesson, and if we are willing to learn fast enough, those lessons can turn disruption into foresight."

The report identifies AI asymmetry as one of the defining risks facing financial institutions. Activities that once required specialist teams, significant resources and weeks of effort can increasingly be performed at machine speed by comparatively low-resource threat actors. This is placing offensive capabilities on a faster development curve than many of the defensive and regulatory mechanisms designed to contain them.

"We are pleased to collaborate with SISA for the second consecutive year on the Digital Threat Report for the BFSI Industry," said Dr. Sanjay Bahl, Director General, CERT-In. "As India's financial ecosystem becomes more interconnected, real-time and technology-driven, cyber resilience must be treated as a shared responsibility across institutions, regulators and the wider digital supply chain. The report highlights the need to move beyond periodic security interventions towards continuous risk assessment, coordinated response and stronger information sharing. By translating emerging threat patterns into actionable guidance, it aims to help financial institutions anticipate systemic risks, strengthen operational resilience and protect trust in the country's digital financial infrastructure."

To help leaders steering enterprise security understand why well-established controls still fail under real-world pressure, the report looks beyond individual incidents to examine the conditions that allow breaches to escalate. A standout of this edition is the Anatomy of Cyber Failure - a 4-Layer Gap Archetype Framework that reconstructs, end to end, how a modern breach actually happens. Seen through this lens, a breach is rarely a single lapse but a chain of compounding weaknesses, helping organizations identify recurring patterns, prioritize systemic risks and direct investments toward the gaps with the greatest potential impact.

Envisioned to move from findings to foresight, the report converts this diagnosis into direction. For the industry and institutions, it identifies the shifts likely to reshape the sector and sets out an 18-month roadmap - moving from strengthening foundational controls to building continuous capabilities and, ultimately, more resilient security architectures.

The 2025-26 Digital Threat Report is available at [link].

About CERT-In

CERT-In is the national nodal agency for responding to computer security incidents as and when they occur. In the Information Technology Amendment Act 2008,CERT-In has been designated to serve as the national agency to perform the following functions in the area of cyber security:

- Collection, analysis and dissemination of information on cyber incidents.

- Forecast and alerts of cyber security incidents.

- Emergency measures for handling cyber security incidents.

- Coordination of cyber incident response activities.

- Issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents.

- Such other functions relating to cyber security as may be prescribed

For more details: www.cert-in.org.in.

About CSIRT-Fin

Computer Security Incident Response Team in Finance sector (CSIRT-Fin), is a nodal sectoral CSIRT which provides Incident Prevention and Response services as well as Security Quality Management Services to the entities of the Indian financial sector. It manages cyber incidents and coordinate responses across banking, securities market infrastructure, insurance, and pension funds entities. It carries out the following roles related to the cyber security in financial sector:

- Collection, analysis & dissemination of information on cyber incidents.

- Forecast and alerts on cyber security incidents.

- Emergency measures on cyber security incidents.

- Coordination for cyber incident response activities.

- Issue guidelines, advisories, vulnerability, and white papers relating to information security.

- Monitor sectoral efforts in the financial sector towards maintaining dynamic and modern cyber security architecture, developing awareness amongst regulated entities and public in general.

- Such other functions relating to cyber security in the financial sector, as may be prescribed.

About SISA

SISA is a global leader in cybersecurity for the payment ecosystem, operating at the intersection of  AI, cybersecurity, and payments. Trusted by leading brands and financial institutions across  40+ countries , SISA secures over  1,000 organizations  by helping them anticipate threats, strengthen resilience, and protect critical payment infrastructure. Powered by  real-world breach intelligence,  SISA enables organizations to stay ahead of evolving cyber risks. Follow SISA on LinkedIn for the latest insights on cybersecurity, payment security innovation, and emerging technologies. 

For more details: www.sisa.ai.

TIOL CORP SEARCH

TIOL GROUP WEBSITES