Policy needed to protect citizens against cyber crime: RBI ED

A policy framework is needed to protect common citizens against cyber crimes as it would add to their confidence to use technology in financial transactions, a senior Reserve Bank official has said.
"It is my considered view that India needs a statute protecting a common citizen against cyber fraud or cyber crime.
"A strong law, which protects a diligent customer from cyber frauds would infuse institutional safeguard to a common person and increase his confidence to use technology in financial transactions," RBI Executive Director G Padmanabhan said recently in Thiruvananthapuram.
He was delivering Chithira Thirunal Memorial Lecture on 'Emerging Issues in Cyber Security in the Financial Sector' on February 28.

There is a need to collect data, collate attacks, failures, measures to mitigate security gaps, losses suffered, turnaround time for fixing security gap and analyse them in order to guide the industry participants as well as customers, he said.
"This would also over a period of time, reflect the number of attacks, volume and value of loss, cost of correction and offer a wealth of information, apart from sharing the solutions for preventing known attacks," he added.

Padmanabhan said the RBI agency Institute for Development and Research in Banking Technology (IDRBT) has started this effort last year.
He asked banks to proactively share information to IDRBT, which would help it build a better response support system.

"We will not hesitate to walk the extra mile to make this happen," he said while refering that when Credit Information Bureau India Ltd (CIBIL) was set up to share credit and default status of account holders, there was lack of enthusiasm from banks in sharing information. "The regulator gave a push and today it has become a standard operating procedure to check on CIBIL site."
He also said that every organisation should have an IT Governance Policy as a subset of cyber security policy.
"The policy should identify key assets, the risks they are exposed to, prescribe mitigation measures, roles and responsibilities in case of a cyber incident and state the response required," he added.