RBI asks banks to put in place cyber-security policy

RBI today asked banks to immediately put in place a cyber-security policy to tackle internet-based threats to the banking system.
"In view of the low barriers to entry, evolving nature, growing scale/velocity, motivation and resourcefulness of cyber-threats to the banking system, it is essential to enhance the resilience of the banking system by improving the current defences in addressing cyber risks," the Reserve Bank said in a notification.
It further said that the cyber security policy should be separate from the broader IT policy so that it can highlight the risks from cyber threats and the measures to address / mitigate them.

Noting that the use of technology by banks has gained momentum, RBI said the number, frequency and impact of cyber incidents/attacks have increased manifold in the recent past, more so in the case of financial sector.
This underlines the urgent need to put in place a robust cyber security/resilience framework at banks and ensure adequate cyber-security preparedness among banks on a continuous basis, it said.
The central bank said a Cyber Crisis Management Plan (CCMP) should be immediately evolved and should be part of the overall Board approved strategy.

(REOPENS DCM81)
RBI also asked banks to identify their riskiness as low, moderate, high and very high or adopt any other similar categorisation.

"Riskiness of the business component also may be factored into while assessing the inherent risks," it said.
Noting that managing cyber risk requires the commitment of the entire organization to create a cyber-safe environment, the central bank said the top management and the board should also have a fair degree of awareness of the fine nuances of the threats and appropriate familiarisation may be organized.