In view of recent increase in online attacks on financial institutions’ information systems, India’s central bank on Thursday advised commercial banks to immediately put in place a cyber security policy in order to counter threats arising from the internet.
“Banks should immediately put in place a cyber-security policy elucidating the strategy containing an appropriate approach to combat cyber threats given the level of complexity of business and acceptable levels of risk,” the Reserve Bank of India said in a notification to all commercial banks.
“It is essential to enhance the resilience of the banking system by improving the current defences in addressing cyber risks,” it said.
The central bank asked all scheduled commercial banks to specify potential risks as “low, moderate, high and very high” and said they must report all “unusual cyber-security incidents” to the RBI.
It also said the new cyber security policy should be separate from the bank’s broader information technology policy.
“The number, frequency and impact of cyber incidents/attacks have increased manifold in the recent past, more so in the case of financial sector including banks, underlining the urgent need to put in place a robust cyber security/resilience framework at banks and to ensure adequate cyber-security preparedness among banks on a continuous basis,” the notification said.