175% Surge in Phishing Attacks Hits BFSI in H1 2024: How Industry Leaders Are Fighting Back The average global cost of a data breach has hit a record high—USD 4.88 million, up 10 per cent from last year. In India, that number stands at USD 2.18 million

In 2024, cybercriminals have become smarter, faster, and more dangerous—and the BFSI (Banking, Financial Services, and Insurance) industry remains one of their biggest targets. The average global cost of a data breach has hit a record high—USD 4.88 million, up 10 per cent from last year. In India, that number stands at USD 2.18 million, according to the Digital Threat Report 2024 published by the Ministry of Electronics and Information Technology.

Why is BFSI most vulnerable?

The answer is simple: money and data. The BFSI sector handles both, making it a goldmine for cybercriminals. Its systems are highly interconnected, meaning that if one part is compromised, the entire network can be at risk.

Phishing and stolen credentials are the two most common methods attackers use to gain entry. In just the first half of 2024, phishing attacks in the financial sector surged by 175 per cent compared to the same period last year.

Ashwin Sekar, Chief Product and Technology Officer at InCred, shared how they're fighting back: "Most cybersecurity attacks happen due to phishing emails targeting employees. We now run monthly simulation campaigns using sophisticated phishing tactics… and we've really raised the bar in terms of employee awareness."

But cyber threats don't stop at employees. Customers, too, are frequent targets. One tactic, known as pretexting—where attackers fabricate stories to deceive people into handing over money or sensitive information—was present in 54 per cent of Business Email Compromise (BEC) cases, according to the report. With the emergence of "deepfake-as-a-service" platforms, it's now easier than ever for scammers to impersonate CEOs and bypass identity verification protocols.

To ensure customer trust in digital services like chatbots, Sekar added: "Right now, 40 per cent of our incoming traffic is handled by a bot. But there's always a button saying, 'Hey, please let me talk to a human,' so users don't hit a dead end… We're very mindful of the customer experience."

Sekar also reminded us not to blindly trust technology: "It's very easy to fall into the trap of thinking technology is a silver bullet—it never is. You have to marry technology with people and good processes. We conduct monthly audits and reviews where we examine the data and correlate it with stories from the ground."

What about regulations?

As AI becomes more prevalent in areas like insurance and lending, concerns about fairness and transparency are rising. Yogesh Agarwal, Founder and CEO of Onsurity, emphasized the importance of building trust and complying with strict rules. "When a decision is made—on what parameter was it made? Was the data unbiased and in the customer's interest?… We need to create an audit trail of the decision-making framework. Because we always need to be ready to justify it."

Yogesh also raised a critical regulatory question regarding future AI systems in insurance: "Will regulators allow these AI systems to independently design products? Or will such freedom be granted only to large enterprises and not to those serving retail customers? That's something to watch closely."

Guardrails for AI

Dr. Anand Mahalingam, VP of Data Science at Digit Insurance, stressed that adopting AI is no longer optional—but it must be done responsibly. "We need AI. It's essential for helping businesses grow. But we also need guardrails."

He explained that when using machine learning or generative AI, testing for fairness and transparency is critical:"We need to ensure there's no bias—whether it's based on gender, income, or even pin code. If a model makes decisions using variables like credit score, income, gender, race, or location, we must know which factor played the biggest role. Was it fair? Are the results consistent? Are we repeating historical biases?"

Dr. Mahalingam also highlighted the importance of AI governance: "Each and every model should have audit logs… Once you build this level of sophistication, people start trusting your models. And when trust happens, people buy more."

And that's the real goal—using technology not just for innovation, but to expand financial services more fairly and widely. "In a country like India, we need to take these services to the masses. Technology is the only way to scale," Dr. Mahalingam added.