Inside India’s banks’ scramble to catch up with AI-powered hackers

India’s largest private lender, HDFC Bank, told Mint it reviews cyber insurance annually and is now widening coverage as risks evolve.

“The bank is continuously strengthening its cyber security posture, including hiring highly-skilled talent across security engineering, developer security operations, red-teaming or simulation of cyber attacks, and AI security,” said Ramesh Lakshminarayanan, group head of information technology and chief information officer at HDFC Bank.

At Axis Bank, teams participate in programmes such as adversarial AI and ‘red teaming’ to simulate attacks. They also receive training in AI-driven threat detection and analytics in the bank’s security operations centre, said Vinay Tiwari, the bank’s chief information security officer.

“Our approach is to build a cybersecurity operating model that is proactive, adaptive and continuously monitored, ensuring resilience against emerging threats, including those driven by AI,” Tiwari added.

In December 2025, cybersecurity firm Indusface said India’s BFSI sector faced more than 4.1 million cyberattacks every month last year, up 15% on year. Reserve Bank of India data recorded 248 cyber incidents involving scheduled commercial banks during the year.

The rise in incidents has raised concerns among banks about their preparedness for faster and more complex attacks.

Cisco recommended standardising cyber defence and embedding ‘active cyber defence’ into bank systems. “Integrating AI into acceptance and validation phases significantly reduces the deployment bottleneck, compressing the transition from code-complete to field deployment from months to days,” the note by Cisco said.

Aditya Varma, leader for public sector security, India and Saarc at Cisco Systems, said risks for banks are rising sharply.

“The truth is that even though banks are more sophisticated than other enterprises in technology adoption, they are also exponentially more exposed to cyber threats. We’re already hearing of malicious large language models such as TA457 and VoidLink that can create threats we don’t even know of today, and all it will take for us to see a WannaCry-level global, multi-billion-dollar disruption is for one of India’s major banks to face an unprecedented outage and attack,” Varma said.

Jayant Saran, partner for forensic and financial crime at Deloitte, added that a lack of ample skilled engineers is compounding the concerns at India’s top banks.

“The average info-sec officer at a bank is a managerial executive, and pretty much none of India’s biggest banks have the kind of engineers with the sophisticated skills that the current level of AI threats will need BFSI firms to have. There’s no answer to this, because there aren’t enough such engineers either. Bank chiefs are already looking for ways to bridge this gap,” Saran said.

According to a senior banker, while banks have cyber insurance, most policies do not cover AI-related incidents. “While there are yearly external audits that point out how much and what kind of insurance a bank needs, newer risks will have to be covered through add-ons and products that are hardly available in India,” the banker said.

Insurers and brokers say AI-specific cyber products remain at an early stage.

Smita Tibrewal, chief insurance officer at Generali Central Insurance, said offerings are beginning to emerge in the market, but they remain at a relatively early stage of development.

“Underwriting AI-related cyber risks is complex, primarily because the market is still in its infancy and historical claims data remains limited. This lack of precedent makes risk modelling and pricing more challenging,” she added.

Amit Goel, director at insurance broker Equirus Raghnall Insurance Broking, added that there are very few AI add-ons available to banks, even in enterprise-grade cyber insurance.

“While BFSI has rapidly adopted AI for customer servicing, underwriting, fraud analytics and operations, insurance products have not evolved at the same pace. While some global insurers and Lloyd’s insurance marketplace are evaluating AI extensions, there are very limited structured offerings specific to AI cyber exposures,” he added.

Together, these gaps in capability and coverage are creating a widening risk window for banks.

Abhinav Bansal, head of risk advisory at BCG India, said AI risks are rising because they come from general improvements in AI systems, not from systems built specifically for security testing.

“These threats are likely to thus diffuse across other AI models sooner than later. This can reduce the cost and time of vulnerability discovery of IT systems, reducing the cost and ease of a cyber attack, while increasing the financial damage of it. This is only likely to aggravate. Banks must thus act fast, and be decisive,” Bansal said.