India must build domestic capacities in AI, cybersecurity to tackle rising threats: IT Secretary PSU Watch
News Updates

India must build domestic capacities in AI, cybersecurity to tackle rising threats: IT Secretary

IT Secretary said that rapid digitisation has brought significant gains in ease of living, ease of doing business and economic efficiency, but has also exposed businesses and individuals to evolving cyber risks

PTI

New Delhi: The Government on Monday stressed the need to build domestic capabilities in artificial intelligence and cybersecurity, with IT Secretary S Krishnan saying India has "no other option" but to strengthen indigenous capacity as cyber threats grow in scale and sophistication.

Krishnan said rapid digitisation has brought significant gains in ease of living, ease of doing business and economic efficiency, but has also exposed businesses and individuals to evolving cyber risks.

Follow The PSUWatch Channel on WhatsApp

"A critical area we need to act on is ensuring that in the AI space, what is the infrastructure and the capability we build as a country, both in terms of models, data, how we use this, how this infrastructure is something that we can support ourselves with, and the critical thing here is building domestic capacity," Krishnan said.

Cybersecurity is one of the most important concerns to be prioritised for preserving the benefits derived from digitisation, Krishnan emphasised.

The secretary also released the second edition of the Digital Threat Report 2025–26 for the Banking, Financial Services and Insurance (BFSI) and payments ecosystem. The report provides financial institutions, regulators and cybersecurity leaders with an executive assessment of the threats reshaping banking, financial services, insurance and digital payments.

"In today's world, all of us understand that cybersecurity is one of the most important concerns that we have to address if we have to preserve all the benefits that we have derived from digitisation," Krishnan said.

He noted that cyber threats now span multiple levels, from cybercrime targeting individuals through financial and reputational losses, to ransomware attacks on organisations, and cyber warfare that can undermine governments and national infrastructure.

He said while artificial intelligence (AI) enables malicious actors to mount more sophisticated attacks, at the same time, it equips defenders with advanced tools to detect and respond to threats more quickly.

Calling for continuous vigilance, Krishnan said cybersecurity should be treated as an "enterprise-wide systemic risk" and embedded into broader digital governance frameworks, including AI governance, alongside privacy and operational resilience.

He also emphasised the need to strengthen identity and access management, build resilient software and hardware systems, and ensure business continuity in the face of cyber threats.

On AI, Krishnan said India must develop domestic capabilities across models, data and computing infrastructure.

"In this particular space, there is no other option but to build domestic capacity," Krishnan said, adding that strengthening indigenous technological capabilities is critical for safeguarding the country's digital ecosystem and reducing strategic vulnerabilities.

The report released by the Ministry of Electronics and Information Technology (MeitY), along with the Indian Computer Emergency Response Team (CERT-In), the Computer Security Incident Response Team in Finance (CSIRT-Fin) and SISA, draws on extensive digital forensics and incident response (DFIR) research, analysis aligned with CERT-In and CSIRT-Fin observations, and research into adversarial AI.

Follow PSU Watch on LinkedIN

Its central finding is that six of the seven forward-looking predictions made in last year's edition have already reached full-scale realisation - demonstrating, therefore, how the time between the emergence of a threat and its operational exploitation is shrinking, often from years to months or even weeks.

Threats previously considered emerging or episodic - including social engineering, credential theft, supply-chain compromise and cloud exploitation - are now established attack methods. The consequence is a threat environment where the most damaging attacks no longer resemble traditional intrusions at all. They surface as legitimate sessions, approved payments, manipulated workflows, or ordinary user behaviour that is indistinguishable from genuine activity until the damage is already done.

"The distance between innovation and exploitation has narrowed dramatically, and that single shift changes everything about how our industry must defend itself," Dharshan Shanthamurthy, Founder and CEO of SISA, said.

The report identifies AI asymmetry as one of the defining risks facing financial institutions. Activities that once required specialist teams, significant resources and weeks of effort can increasingly be performed at 'machine speed' by comparatively low-resource threat actors. This is placing offensive capabilities on a faster development curve than many of the defensive and regulatory mechanisms designed to contain them.

A standout of this edition is the Anatomy of Cyber Failure - a 4-Layer Gap Archetype Framework that reconstructs, end to end, how a modern breach actually happens. Seen through this lens, a breach is rarely a single lapse but a chain of compounding weaknesses, helping organisations identify recurring patterns, prioritise systemic risks and direct investments toward the gaps with the greatest potential impact.

For the industry and institutions, the report identifies the shifts likely to reshape the sector and sets out an 18-month roadmap - moving from strengthening foundational controls to building continuous capabilities and, ultimately, more resilient security architectures.

"As India's financial ecosystem becomes more interconnected, real-time and technology-driven, cyber resilience must be treated as a shared responsibility across institutions, regulators and the wider digital supply chain," Sanjay Bahl, Director General of CERT-In, said.

Indian Computer Emergency Response Team, or CERT-In, is the national nodal agency for responding to computer security incidents.

(PSU Watch is India's Business News centre that places the spotlight on PSUs, Bureaucracy, Defence and Public Policy. 👉 Click to join our channel now: PSUWatch WhatsApp Channel. Prefer LinkedIn? Follow PSU Watch on LinkedIN. Click to stay connected on Twitter here and stay updated)

Retail inflation inches up to 4.38% in May: Govt data

GRSE wins SKOCH Award for CSR initiative 'Project Akansha'

HUDCO signs MoU with Odisha Govt to provide Rs 1 lakh crore for urban infrastructure projects

Stock markets end flat as West Asia tensions, higher oil prices weigh on sentiment

3rd BRICS transport Ministers' meeting adopts declaration on sustainable aviation fuel, infra circularity