Cyber threats lurk everywhere in cyberspace, a ubiquitous part of all our lives today. Every business environment needs cyberspace to do, well, their business. Hence the need for preparing for, preventing, detecting, mitigating, responding to and recovering from cyber-attacks (let’s call this PPDMRR). PPDMRR is fast becoming an essential principle on which institutions of trust, like banks, financial services and insurance companies, build and offer their services. Sounds like the defence agency manifesto of countries, doesn’t it?
The pervasiveness of the internet, rapid digitization and the proliferation of devices used to access the internet have led several bodies, both national and international, to create cybersecurity frameworks. These frameworks provide clear guidelines for organisations, especially ones providing banking, financial and insurance services, to follow so that they are well prepared to face cyber attacks.
Agencies like the United States-based National Institute of Standards and Technology (NIST) have put out cybersecurity frameworks. Using these frameworks, any business can understand how to manage and reduce its cybersecurity risk to protect its sensitive data and networks.
In India, the Reserve Bank of India (RBI) published a cyber security framework in 2016. With the rise in digital payments, banking transactions and other financial services, the timing couldn’t have been better. The intent of this framework, much like that of NIST, was to provide guidelines to organisations to put out a robust and resilient cyber-security framework to ensure preparedness against cyber attacks.
This is the first of a 2-part article. This first part focuses on the situations that prevail with regard to cybersecurity threats and challenges for the BFSI sector. The second part focuses on what the RBI framework provides, the challenges and benefits of implementing the framework and why companies in the BFSI sector need to pay attention. The insurance sector has its own framework provided by the IRDAI (Insurance Regulatory and Development Authority of India). However, what we cover here could very well apply to insurance companies too, in most cases.
During the pandemic, digital transactions rose exponentially using payment systems like AePS (Aadhaar Enabled Payment System), with a 118% increase between January 2020 and June 2020. A huge number of people shifted to completely digital transactions during these 2 years. The sheer volume of data is mind-boggling! As the shift happened, at least 50% of people associated with payments businesses expressed security concerns over transactions, while 65% strongly believe that digital payments will continue.
As early as July 2020, the RBI cautioned about an increase in cyber threat incidents. The RBI emphasised that the banking industry was the target of choice for cyber-attacks. This is in line with data that indicates that the financial services industry is the most susceptible to malicious attacks. Techniques like social engineering and phishing attacks are commonly used. Consumers of financial services are 7 times more likely to be victims of such attacks.
Among Indians eligible for bank accounts and over the age of 14, an estimated 77% had bank accounts by January 2023. Although India is still a developing nation, 40% of the world’s digital transactions happen in India. India’s digital payments in 2022 exceeded the combined total of the US, UK and Germany.
All these numbers are a clarion call to the banking and financial sector to be secure, to withstand and recover quickly from cyberattacks. This is where good cyber-security frameworks come into the picture.
In our second article, we will examine both the NIST and RBI frameworks.