Skip to content
Chimera readability score 72 out of 100, Expert reading level.

NEW DELHI/MUMBAI: India’s largest banks are stepping up cyber defences, hiring, and insurance coverage as concerns grow that advanced AI systems could make cyberattacks faster and harder to contain, exposing gaps in preparedness and protection.
The pressure has risen after a finance ministry meeting with top banking executives on 23 April focused on banks’ preparedness for AI-linked cyber threats. The meeting came weeks after Anthropic unveiled Claude Mythos, a frontier AI model the company said could identify vulnerabilities and conduct cyberattacks at unprecedented speed.
Concerns around AI-enabled attacks have grown since September last year, when a cloud storage server exposed personal banking data of nearly 300,000 individuals, including loan account details linked to several large banks and non-banking finance companies.
India’s largest private lender, HDFC Bank, told Mint it reviews cyber insurance annually and is now widening coverage as risks evolve.
“The bank is continuously strengthening its cyber security posture, including hiring highly-skilled talent across security engineering, developer security operations, red-teaming or simulation of cyber attacks, and AI security,” said Ramesh Lakshminarayanan, group head of information technology and chief information officer at HDFC Bank.
At Axis Bank, teams participate in programmes such as adversarial AI and ‘red teaming’ to simulate attacks. They also receive training in AI-driven threat detection and analytics in the bank’s security operations centre, said Vinay Tiwari, the bank’s chief information security officer.
“Our approach is to build a cybersecurity operating model that is proactive, adaptive and continuously monitored, ensuring resilience against emerging threats, including those driven by AI,” Tiwari added.
In December 2025, cybersecurity firm Indusface said India’s BFSI sector faced more than 4.1 million cyberattacks every month last year, up 15% on year. Reserve Bank of India data recorded 248 cyber incidents involving scheduled commercial banks during the year.
The rise in incidents has raised concerns among banks about their preparedness for faster and more complex attacks.
Rising risk
On 13 April, Cisco Systems, part of Anthropic’s initial Claude Mythos AI trial group, released an eight-page document for banking, financial services and insurance (BFSI) firms on security practices. Mint independently reviewed the document.
Cisco recommended standardising cyber defence and embedding ‘active cyber defence’ into bank systems. “Integrating AI into acceptance and validation phases significantly reduces the deployment bottleneck, compressing the transition from code-complete to field deployment from months to days,” the note by Cisco said.
Aditya Varma, leader for public sector security, India and Saarc at Cisco Systems, said risks for banks are rising sharply.
“The truth is that even though banks are more sophisticated than other enterprises in technology adoption, they are also exponentially more exposed to cyber threats. We’re already hearing of malicious large language models such as TA457 and VoidLink that can create threats we don’t even know of today, and all it will take for us to see a WannaCry-level global, multi-billion-dollar disruption is for one of India’s major banks to face an unprecedented outage and attack,” Varma said.
Jayant Saran, partner for forensic and financial crime at Deloitte, added that a lack of ample skilled engineers is compounding the concerns at India’s top banks.
“The average info-sec officer at a bank is a managerial executive, and pretty much none of India’s biggest banks have the kind of engineers with the sophisticated skills that the current level of AI threats will need BFSI firms to have. There’s no answer to this, because there aren’t enough such engineers either. Bank chiefs are already looking for ways to bridge this gap,” Saran said.
India has about 350,000 cybersecurity professionals across roles, against demand for nearly one million engineers, according to staffing industry estimates.
Coverage gap
Cyber insurance has also struggled to keep pace.
According to a senior banker, while banks have cyber insurance, most policies do not cover AI-related incidents. “While there are yearly external audits that point out how much and what kind of insurance a bank needs, newer risks will have to be covered through add-ons and products that are hardly available in India,” the banker said.
Insurers and brokers say AI-specific cyber products remain at an early stage.
Smita Tibrewal, chief insurance officer at Generali Central Insurance, said offerings are beginning to emerge in the market, but they remain at a relatively early stage of development.
“Underwriting AI-related cyber risks is complex, primarily because the market is still in its infancy and historical claims data remains limited. This lack of precedent makes risk modelling and pricing more challenging,” she added.
Amit Goel, director at insurance broker Equirus Raghnall Insurance Broking, added that there are very few AI add-ons available to banks, even in enterprise-grade cyber insurance.
“While BFSI has rapidly adopted AI for customer servicing, underwriting, fraud analytics and operations, insurance products have not evolved at the same pace. While some global insurers and Lloyd’s insurance marketplace are evaluating AI extensions, there are very limited structured offerings specific to AI cyber exposures,” he added.
Together, these gaps in capability and coverage are creating a widening risk window for banks.
Abhinav Bansal, head of risk advisory at BCG India, said AI risks are rising because they come from general improvements in AI systems, not from systems built specifically for security testing.
“These threats are likely to thus diffuse across other AI models sooner than later. This can reduce the cost and time of vulnerability discovery of IT systems, reducing the cost and ease of a cyber attack, while increasing the financial damage of it. This is only likely to aggravate. Banks must thus act fast, and be decisive,” Bansal said.

Facts Only

* A finance ministry meeting focusing on banks’ preparedness for AI-linked cyber threats occurred on April 23.
* Anthropic unveiled Claude Mythos, a frontier AI model capable of identifying vulnerabilities and conducting cyberattacks.
* A cloud storage server exposed personal banking data of nearly 300,000 individuals, including loan account details, in September of last year.
* HDFC Bank reviews cyber insurance annually and is widening coverage as risks evolve.
* HDFC Bank is hiring highly-skilled talent across security engineering, developer security operations, red-teaming, and AI security.
* Axis Bank teams participate in adversarial AI and ‘red teaming’ programs.
* Cybersecurity firm Indusface reported that India’s BFSI sector faced more than 4.1 million cyberattacks every month last year, up 15% on year.
* Reserve Bank of India data recorded 248 cyber incidents involving scheduled commercial banks during the year.
* Cisco Systems recommended standardizing cyber defense and embedding ‘active cyber defense’ into bank systems.
* Staffing estimates indicate India has about 350,000 cybersecurity professionals, against a demand for nearly one million engineers.
* Most current cyber insurance policies do not cover AI-related incidents.

Executive Summary

India’s largest banks are addressing growing concerns that advanced AI systems pose increased risks for cyberattacks, prompting steps to strengthen defenses, hiring, and insurance coverage. This pressure followed a finance ministry meeting focused on banking preparedness for AI-linked cyber threats, which occurred after the unveiling of frontier AI models like Claude Mythos. Specific institutions like HDFC Bank and Axis Bank are enhancing their security postures by hiring specialized talent in areas such as security engineering and AI security, and by engaging in adversarial simulations like ‘red teaming.’ Cybersecurity firms and experts have highlighted the rising exposure, noting that malicious large language models can create novel threats and that the lack of specialized engineers compounds the risk. Furthermore, there is a recognized coverage gap in cyber insurance, as current policies often do not cover AI-related incidents, creating a widening risk window for the sector.

Full Take

The narrative surrounding AI-driven cyber threats leverages fear of unprecedented disruption to drive immediate action among financial institutions. The core tension lies in the exponential increase in technical sophistication (e.g., malicious LLMs creating unknown threats) contrasted with the slow pace of institutional and market adaptation, particularly in talent and insurance coverage. The data points to a systemic failure where technological advancement has outpaced the development of necessary protective frameworks and regulatory structures. The focus on hiring engineers and insurance products highlights a structural deficit: the expertise required to manage these risks is scarce, and the market mechanisms (insurance) have not yet caught up to the risk profile. This pattern suggests that risk mitigation is currently reactive, addressing symptoms rather than the foundational systemic vulnerability—the gap between general AI capability and specific, hardened security deployment. The narrative positions banks as the critical, yet lagging, actors in a rapidly evolving threat landscape, implicitly framing the solution as an urgent necessity for survival rather than an inevitable outcome of prudent risk management.

Sentinel — Human

Confidence

The text is highly coherent and grounded in specific, verifiable sources, exhibiting the structure and voice of professional, human-authored investigative financial journalism.

Signals Detected
low severity: Natural variance in sentence length and rhythm; presence of specific, context-driven quotes.
low severity: Passionate and focused narrative driven by specific, disparate expert voices, not a generalized, neutral tone.
medium severity: Structured presentation of data and expert commentary, aligning with typical high-level financial/tech reporting templates.
low severity: Specific attribution of statistics (e.g., 4.1 million attacks, 248 incidents) and named, seemingly real corporate/firm perspectives, indicating strong grounding.
Human Indicators
The incorporation of highly specific, named experts (e.g., Ramesh Lakshminarayanan, Aditya Varma, Smita Tibrewal) and their direct, sector-specific commentary.
The blending of macro-level concerns (AI risk) with micro-level details (insurance gaps, staffing numbers, specific bank incidents).
The nuanced discussion of systemic gaps (skills vs. demand, insurance vs. reality) which requires human synthesis rather than rote aggregation.