Mumbai: The Reserve Bank of India has again flagged cyber risks faced by banks and said it would continue to do surprise drills and inspections to ensure that they have systems in place to deal with any threats to payment systems and network security.
RBI has been performing focused IT examinations of the banks to evaluate their cyber risk management systems and procedures,” the regulator said in its latest edition of the financial stability report. “While the assessment is factored in the overall risk profile of a bank under risk-based supervision, certain specific areas like payment systems and network security are proposed to be subjected to more intensive scrutiny during the year.”
The regulator said as part of a process to strengthen the offsite monitoring system, information on banks’ cyber security preparedness is being collected on a quarterly basis. The central bank is also conducting cyber drills periodically to assess banks’ preparedness and response capabilities to a potential cyber-attack.
Following an increase in cyber attacks, the RBI earlier this year decided to expand the scope of its cyber audits to all banks against just 30 last year. The regulator does a gap analysis on the basis of the audit reports and asks banks to bridge any gaps in actual and desired performance. The banks which do not have security measures in place as per the RBI’s standards get some time to comply with those. But if they again failed to meet the standards, the regulator could initiate action against them. “We have been advising banks to improve their security preparedness on a continuous basis,” the RBI said. “In a digital environment, it becomes incumbent on banks to have an effective cyber-security policy as part of their overall risk management framework. Cyber-attacks entail a reputational risk for banks, as they undermine customer confidence.”
In February, the RBI set up an inter-disciplinary standing committee to review the threats inherent in the existing and emerging technologies on an ongoing basis, and suggest policy interventions to strengthen cyber security and resilience.
According to a recent statement by the finance ministry in Lok Sabha, banks lost ₹16,789 crore on account of frauds in the last fiscal year. As per RBI data, banks reported Internet banking frauds amounting to ₹3.7 crore in 58 cases between April and September 2017. Internet banking frauds was the highest in fiscal year 2015 when banks lost ₹25 crore in 203 fraudulent cases. In 2015-16, as many as 16,468 cases related to cyber fraud were reported, including debit card, credit card and net banking breaches. The number was 13,083 the previous year and 9,500 the year before that.
As per the Indian Computer Emergency Response Team (CERT-In), India witnessed more than 27,000 cyber-security threat incidents in the first half of 2017.
In 2016, 50,362 incidents related to cyber security were reported while the number was 49,455 in 2015 and 44,679 in 2014.