RBI Warns Banks to Ramp Up Cybersecurity Measures Following Recent Cyber Threats

RBI Cybersecurity Measures: The Reserve Bank of India (RBI) has issued cautionary advisories to certain banks, urging them to strengthen their defenses against potential cyber-attacks, according to a report by Moneycontrol, citing industry sources. These warnings come in the wake of the central bank's recent Cyber Security and Information Technology Examination (CSITE), which highlighted vulnerabilities and provided action points for rectification.

RBI's Vigilance

The CSITE, distinct from routine risk assessments, delves into various aspects such as disaster management readiness, internet and mobile banking platforms, and fraud detection mechanisms. It serves as a comprehensive review aimed at enhancing cyber security surveillance. Sources reveal that the RBI has provided specific action points to banks to address identified deficiencies.

RBI's Silence and Official Statements

Despite repeated requests, the RBI has not disclosed the findings of its inspections or ongoing evaluations. However, RBI Deputy Governor T Rabi Sankar emphasized the imperative for the banking sector to brace against evolving cyber threats. Speaking at the 19th Banking Technology Conference in Mumbai, Sankar stressed the need for banks to upgrade their encrypted systems to combat potential artificial intelligence (AI) abuses.

Read also: India Signs Trade Pact with EFTA, Aiming for $100 Billion Investment

Incidents Prompting Action

The RBI's cautionary stance is reinforced by incidents like the UCO Bank debacle in 2023, where erroneous credits amounting to Rs.820 crore were observed. Following this incident, the Finance Ministry directed state-run banks to review the robustness of their digital operations.

Response to UCO Bank Incident

UCO Bank faced technical issues leading to erroneous credits via Immediate Payment Service (IMPS). The bank swiftly took corrective measures, recovering Rs.649 crore out of the total amount. Proactive steps such as blocking recipients' accounts were instrumental in mitigating the impact of the incident.

Heightened Concerns Amid Data Breaches

The report highlights a significant surge in cyber security breaches within India's banking sector. Government data revealed 248 successful data breaches between June 2018 and March 2022, primarily involving card details leakage and information theft.
Publicly-owned banks documented 41 instances, while private counterparts disclosed 205 occurrences, with foreign banks reporting two cases. Consequently, the RBI has instructed banks to enhance their IT risk management frameworks, stressing the crucial engagement of chief information security officers and board committees.

Read also: India’s Economic Trajectory Towards Upper Middle-Income Status

RBI's Framework for Cybersecurity

To address these growing threats, the RBI has established a dedicated Cyber Security Framework for Scheduled Commercial Banks (SCBs). This framework mandates the implementation of robust cybersecurity measures and IT controls to safeguard against data breaches and cyber attacks.