Mumbai: In its monetary policy announcement on Wednesday, the Reserve Bank of India (RBI) announced a directive for banks and financial services companies struggling with cyber security concerns.
The central bank said it will form an inter-disciplinary standing committee on cyber security. It will review threats inherent in existing and emerging technology, study adoption of various security standards and protocols, interface with stakeholders and suggest appropriate policy interventions to strengthen cyber security and resilience.
“While banks have taken steps to strengthen their defences, the diverse and ingenious nature of recent cyber-attacks necessitates an ongoing review of the cyber security landscape and emerging threats,” the RBI said in a statement on its website.
In June 2016, RBI issued guidelines asking banks to beef up cyber security protocols and asked them to report incidents of security breaches. However, the banking system was hit by one of its largest security breaches when more than 6 million debit cards were reported to be compromised in October. This incident happened after a breach at a network of automated teller machines (ATMs) which was being managed by Hitachi Payment Services Pvt. Ltd.
After becoming aware of this, the State Bank of India (SBI) decided to reissue 6,25,000 cards.
In its statement, RBI also said that it will form an enforcement department as part of its financial sector oversight mechanism, which will be functional from 1 April.
“Enforcement deals with cases of non-compliance with regulations noticed either through the surveillance process or otherwise,” the central bank said.
ALSO READ: Rates don’t change, RBI policy stance does
The enforcement department will work in tandem with RBI’s regulation and surveillance departments.
“We need a group that thinks through the cybersecurity concerns of the day and comes up with adequate solutions to safeguard financial institutions against these. Issues like disclosure of data breaches, definition of private data and best practices in cyber security are all necessary issues that need to be thought through. A standing committee would be a step in the right direction,” said Reshmi Khurrana, managing director, Kroll Associates (India) Pvt. Ltd, a risk consulting and management firm.