I don’t know about UPI, but those concerns can be mitigated by not operating on public networks. The SWIFT payment network for example is private[1] and is only accessible via dedicated routers.
Relying on perimeter security like this means you are as vulnerable as your weakest nodes. SWIFT can be and has been hacked via its less sophisticated participant banks.