Reserve Bank of India’s Guidelines on Cyber Security

Cyber threats and security issues are growing

After 2010, Indian banks rapidly adopted new security measures and moved to digital platforms. It has long been a subject of discussion that cyber-security policies have never kept pace with the evolution and adoption of new technologies, as a result of which cyber-attacks are growing every day. Cyber-attacks not only result in massive financial losses but also erode an organisation's brand image.

Approximately 70 per cent of Internet users in India make online transactions on these websites. The number of transactions made per day is hard to even guess, and these transactions are not limited to online shopping.

Ultimately, the rising level of cyber threats made the Reserve Bank of India (RBI) recognise the need for a comprehensive and integrated approach to cyber security, resulting in an RBI circular that sets out cyber security guidelines to be enforced. The rest of the article illustrates the key points identified in the cybersecurity circular, which is why all banks must periodically organise a Cyber Security Drill.

RBI Guidelines

Since banks' compliance-centric approach poses a critical security threat, RBI has described adequate guidance on cybersecurity initiatives. A recent https survey.in of the top 10 PSU bank SSL certificates makes it clear that the RBI guidelines are being followed.

  • Cybersecurity Operations Centre (SOC): RBI recognises the need for a stable environment that provides effective knowledge sharing and a versatile structure. The RBI guidelines therefore explicitly state the need to establish a cybersecurity operations centre. As per the guidelines, top management and a cyber-aware board are required to place emphasis on a stable environment.
  • Architect Good Governance: Any adoption of cybersecurity requires approval or rejection by the Board / top-level management. The circular clearly describes the need for board-level understanding and involvement, so that the board is responsive to the existing cybersecurity situation and its near future. This will make cybersecurity as important as research into technologies that empower the company.
  • Securing customer data and preventing its use in financial crimes: RBI puts a very specific and strong focus on customer data protection. Banks are expected to take the highest protective steps possible to protect customer data, whether it is in motion or at rest. The guidelines also concentrate on coordinating certain services through which customers can be made aware of attack incidents.
  • Proactive reporting and collaboration: RBI recognised the importance of cooperation between various financial institutions to support each other and allow them to respond proactively and rapidly to the attacks.
  • Continuous surveillance: There was a need for constant monitoring and real-time analysis, as it allows banks to act more quickly when targeted from outside. The new guidelines will mandate that banks introduce real-time monitoring on a 24x7 basis. These interventions not only minimise the impact of a loss but also help to determine an appropriate solution to avoid such incidents in the future.
  • CCMP (Cyber Crisis Management Plan): The RBI circular calls for a Cyber Crisis Management Plan to address the complete lifecycle of identification, reaction, containment and recovery.

Expected outcome of following the RBI guidelines

Effective adoption of the guidelines will help banks secure consumer data and track incidents proactively, and ongoing monitoring will strengthen established cyber protection resources, ultimately contributing to an expanded ecosystem.