

New Delhi: The rapid transformation of banking and financial services is creating a fundamentally new cyber threat landscape, according to a report that argues traditional security models are no longer sufficient to serve today's interconnected ecosystems.
The Digital Threat Report 2025-26, released on Monday, notes that conventional cybersecurity architectures were designed around centralised systems where trust boundaries were defined.
Follow The PSUWatch Channel on WhatsApp
Today's financial ecosystem, however, is built around interconnected platforms, embedded finance, AI-driven decision-making and real-time payments, dramatically expanding the attack surface, says the new report by the Ministry of Electronics and Information Technology (MeitY), Indian Computer Emergency Response Team (CERT-In), the Computer Security Incident Response Team in Finance (CSIRT-Fin) and SISA.
"Modern financial attacks are moving from direct compromise to trust-chain manipulation across biometric onboarding, partner apps, AI decisioning, real-time payments, APIs, programmable finance, and third-party ecosystems. Attackers are exploiting the gaps between systems, institutions, and workflows, where no single control owner has full visibility," the report said.
According to the report, this is resulting in a new threat model where a breach is no longer isolated to credentials or transactions, but embedded across identity, AI, APIs, payment logic, and supply chains.
The convergence of real-time irreversibility, AI-driven decisioning, programmable financial logic, continuous identity planes, and ecosystem-dependent operations creates a threat environment where speed, complexity, and interdependency all compound simultaneously.
"Regulatory compliance frameworks are catching up, but they are catching up to an architecture that is itself still evolving," it said.
Follow The PSUWatch Channel on WhatsApp
The lag between structural change and security model adaptation is the "window" that sophisticated threat actors are actively exploiting.
Conventional security architectures were designed for a world where control was centralised and trust was bounded, it said, but pointed out that such a design does not hold in the current operating environment.
The report warned that as digital services span multiple platforms, fragmented security and identity-based access increase risks, with a single compromised identity potentially enabling persistent, cross-platform access to multiple accounts and services.
"When identity becomes the primary control plane for access and transactions, built on biometrics, continuous authentication signals, and cross-system token chains, a single identity compromise no longer affects one account. It provides broad, persistent, cross-system access," it said.
Compliance monitoring that relies on control signals becomes `weaponisable' as attackers can suppress logs, manipulate alert thresholds, and maintain the appearance of a clean posture while operating inside a compromised environment, according to the report.
Follow PSU Watch on LinkedIN
The threat surface is no longer a perimeter. Instead, it is a distributed continuous shifting mesh of relationships across partners, platforms, models, APIs and infrastructure layers. None of which an institution fully owns or controls, said the Digital Threat Report for the banking, financial services and insurance sector.
(PSU Watch is India's Business News centre that places the spotlight on PSUs, Bureaucracy, Defence and Public Policy. 👉 Click to join our channel now: PSUWatch WhatsApp Channel. Prefer LinkedIn? Follow PSU Watch on LinkedIN. Click to stay connected on Twitter here and stay updated)