RBI alerts banks on heightened cyber security threats, gives action plan to address vulnerabilities, says report.
The Reserve Bank of India (RBI) has cautioned some banks, urging them to fortify their defences against potential cyber attacks, as per a Moneycontrol report citing industry sources. The warnings, issued to select banks, follow the central bank’s recent Cyber Security and Information Technology Examination (CSITE), wherein action points were provided to address identified vulnerabilities, the report added.
Distinct from routine risk assessments, the CSITE, scrutinises banks’ disaster management readiness, internet and mobile banking platforms, and fraud detection mechanisms. It serves as an independent review, initiated several years ago, to bolster cyber security surveillance.
“The RBI conducts a separate inspection to identify deficiencies in the cyber security capabilities of banks. This time, they met us and have given a list of action points where deficiencies need to be addressed,” one source told the publication. The RBI did not respond to repeated requests for inspection findings and ongoing evaluations, the report added.
Deputy Governor’ T Rabi Sankar’s Caution: AI Threat Looms
RBI Deputy Governor T Rabi Sankar had in February stressed the need for the banking sector to brace itself for evolving cyber threats. Speaking at the 19th Banking Technology Conference in Mumbai on February 9, Sankar said banks must revamp their encrypted systems to counter artificial intelligence (AI) abuses.
Moreover, in response to the UCO Bank incident last year, wherein erroneous credits totalled ₹820 crore, the Finance Ministry directed state-run banks to review their digital operations’ robustness.
On November 15, 2023, UCO Bank said that it faced some technical issues due to which some accounts received erroneous credits totalling ₹820 crore via Immediate Payment Service (IMPS).
“It is clarified that the transactions observed by the bank were due to internal technical issues as a result of which account holders of our bank have received some erroneous via IMPS. We wish to clarify that there was no issue with the IMPS platform,” it had said.
A day later on November 16, UCO Bank said it had recovered ₹649 crore or 79 percent of the ₹820 crore, by taking various proactive steps, such as blocking the recipients’ accounts.
Rising Concerns Amid Evolving Tech Climate
Citing a surge in cyber security breaches, government data disclosed 248 successful data breaches in India’s banking sector between June 2018 and March 2022, the report noted. These breaches primarily involved card details leakage and information theft, prompting heightened vigilance. Of these breaches, public sector banks reported 41 cases, private peers reported 205, and foreign banks reported two incidents. In light of these threats, the RBI mandated banks to bolster their IT risk governance frameworks, emphasising the active involvement of chief information security officers and board committees.
To mitigate cyber security risks, the RBI has instituted a dedicated Cyber Security Framework for Scheduled Commercial Banks (SCBs), which mandates the implementation of robust cybersecurity measures and IT controls to prevent data breaches.