Scheduled commercial banks accounted for a chunk of cyber incidents from Jan 2019 to Mar 2024


‘Cyber incident’ means a cyber event that adversely affects the cyber security of an information asset whether resulting from malicious activity or otherwise.  
| Photo Credit:
Dado Ruvic

Mumbai

Analysis of cyber incidents reported by regulated entities (REs) from January 2019 to March 2024 to the Reserve Bank shows that 69 per cent of incidents were reported by scheduled commercial banks (SCBs), 19 per cent by urban co-operative banks (UCBs) and 12 per cent by non-banking finance companies (NBFCs)

UCBs had the highest share of incidents (41 per cent) in higher risk categories amongst all REs, according to the latest financial stability report (FSR).

‘Cyber incident’ means a cyber event that adversely affects the cyber security of an information asset whether resulting from malicious activity or otherwise.

Among the types of cyber incidents reported, social engineering incidents constituted the largest share.

Rapid rise

“Incidents relating to data leakage, application security and ransomware attacks are rapidly rising. Most of these incidents involve threat actors leaking REs’ data such as card data, customers’ KYC details, and KYC documents on the dark web, social media or public platforms for sale,” the report said.

Another source of risk emerges from dependence on common IT service providers among REs. These include, but not limited to, cloud service providers, payment switch providers and data centre providers.

The FSR cautioned that a major cyber incident in these IT service providers may propagate and adversely impact multiple REs simultaneously, threatening systemic stability.

6-hour window

To monitor and mitigate this risk, the Reserve Bank had issued directions on outsourcing of IT services, which stipulate that REs should report cyber incidents within six hours of detection by third-party service providers.

The report emphasised that rising threat of cyber risk and increasing adoption of financial services by customers through digital channels makes it imperative for REs to ensure robustness and high security in their IT systems and controls to ensure operational resilience.

“Information systems and infrastructure should be able to support business functions seamlessly and ensure availability across all service delivery channels.

“This has been a critical part of the increased supervisory focus of the Reserve Bank and supervisory actions have been taken on REs where significant lacunae have been observed, especially in terms of downtime (leading to customer service disruption) of digital financial services,” the report said.