India BFSI Sector Faces Cyberattacks at 1.6 Times the Global Average: What GCC Financial Institutions Must Learn
India's BFSI sector absorbs cyberattacks at 1.6 times the global average with a mean breach containment time of 263 days, per BCG and DSCI. The AI-threat dynamics documented are a direct benchmark for GCC financial institutions.

Financial sector cybersecurity analysts monitoring threats in a modern SOC, illustrating the BCG and DSCI finding on BFSI cyberattack rates in 2026
India's banking, financial services and insurance sector is facing cyberattacks at 1.6 times the global average, according to a joint report published this week by Boston Consulting Group and the Data Security Council of India. Cyber incidents in the Indian BFSI sector rose from 1.4 million in 2021 to 2.9 million in 2025. The mean time to contain a breach now stands at 263 days and continues to rise.
These figures are not an India story. They are a benchmark that every financial institution operating at scale in a rapidly digitalising economy must read carefully, including those across the GCC. The BCG and DSCI report arrives at a moment when the Gulf's financial sector is navigating precisely the same dynamics at accelerating speed.
The Saudi banking sector, the UAE fintech ecosystem, and Gulf insurance and capital markets are each expanding their digital footprint, integrating AI-driven services, and deepening third-party connectivity. As noted in the GCC Cybersecurity 2026 risk overview published on this site, digital scale and cyber exposure are growing in tandem across the region, and the investment in security controls is not keeping pace at most organisations.
AI has rewritten the economics of cyber risk
The report's central finding is one that resonates well beyond any single geography. Nisha Bachani, Managing Director and Partner at BCG and lead author, states that artificial intelligence has compressed the time available for attacks and reduced the cost of launching sophisticated threats. Defence and remediation cycles are still lagging.
The gap between attack speed and response capability is described as most severe at mid-tier organisations, where risk exposure is comparable to that of larger players but security investment remains significantly lower. This mirrors what GCC banking security analysts have been documenting: regional mid-market financial institutions, including smaller banks, insurance subsidiaries, and fintech platforms, carry risk profiles equivalent to large institutions without the corresponding security infrastructure. The case for managed detection and response in the GCC rests on exactly this gap.
Mid-sized institutions carry disproportionate risk
The BCG and DSCI report identifies mid-sized financial institutions as particularly exposed. Rapid digitalisation and deep system interconnections have raised their risk profile to that of larger players without the corresponding security investment.
Vinayak Godse, CEO of DSCI, describes the situation as a convergence of cyber risk, digital scale and business resilience, with the ability to secure AI-driven operations becoming a defining factor for competitive positioning and institutional trust.
For the UAE, which absorbed between 600,000 and 800,000 breach attempts per day at peak in early 2026 according to the UAE Cyber Security Council, the mid-tier institution risk profile is an active operational concern, not a theoretical one. The Central Bank of the UAE and SAMA in Saudi Arabia each impose sector-specific cybersecurity requirements on financial institutions. The compliance baseline is established. What the BCG and DSCI data reveals is that compliance does not equal readiness when attacker timelines have compressed to match or exceed remediation capacity.
CISO priorities are shifting sharply toward AI
Seventy-six per cent of CISOs surveyed rank AI-enabled attacks among their top cyber priorities for 2026. Eighty-three per cent are embedding AI into security operations. Seventy-one per cent have reached AI-assisted maturity in their security operations centres, with a growing number beginning to adopt autonomous or agentic security systems.
These findings align closely with the trajectory documented in the GCC cybersecurity risk landscape for 2026 and with KPMG's Cybersecurity Considerations 2026, which identified agentic AI governance and non-human identity risks as two of the eight priorities reshaping enterprise security this year. For Gulf financial institutions building AI-driven customer platforms, payments infrastructure and risk management systems, the synchronous security challenge described in the BCG and DSCI report is an immediate operational reality rather than a future planning concern.
The synchronous security challenge
The report introduces a concept it calls the synchronous security challenge: organisations must simultaneously defend against AI-powered attacks, deploy AI to enhance their own defensive capabilities, and secure the AI systems they are deploying. These three demands arrive concurrently and cannot be addressed in sequence. Financial institutions that attempt to deal with them in series will consistently find themselves behind the threat curve.
This challenge is compounded in the GCC by the scale of digital transformation underway. As noted on this site, cloud migration across the UAE, Saudi Arabia and Qatar is accelerating, but most organisations arrive without a mature security strategy aligned to the new environment. The intersection of cloud-first adoption, AI-integrated operations and an escalating external threat environment is precisely the context in which the BCG and DSCI synchronous challenge plays out most acutely.
Identity remains the primary attack surface
The report's recommendations connect directly to a pattern that Microsoft's enterprise passkey rollout and GCC security research have consistently highlighted: identity is the primary attack surface. Eighty per cent of breaches across the GCC in 2025 involved compromised credentials. Multi-factor authentication, privileged access management and continuous identity verification are described not as best practice but as the operational baseline for any financial institution operating under the current threat conditions.
The BCG and DSCI report echoes this, calling for a structural shift from control-heavy compliance frameworks toward a synchronised resilience model integrating business, risk, legal and technology functions. For financial SaaS vendors and fintech platforms serving the GCC market, the report's recommendation for stronger cross-institutional collaboration on threat intelligence sharing and third-party risk management is directly applicable. Regulatory frameworks from SAMA, CBUAE and the UAE Cyber Security Council are tightening requirements in this area, and the BCG and DSCI data provides the quantitative justification for investment that many GCC CISOs need when making the case at board level.
The full BCG and DSCI report is available via the Data Security Council of India website.
Omar Al-Hakeem
Senior Cyber Threat Analyst | MENA RegionOmar Al-Hakeem is a cybersecurity researcher specializing in threat intelligence, ransomware trends, and nation-state activity across the Middle East and North Africa. With over 12 years of experience in SOC operations and incident response, he provides deep technical breakdowns of emerging attacks and regional cyber risks. At MENA Cyber Wire, Omar focuses on real-world threat analysis and actionable defense strategies for enterprises and startups.