Underserved, marginalised populations more vulnerable to cyber risks: RBI Deputy Governor

Individuals can lose faith if they are brought online in the name of financial inclusion only to suffer cyber damage from which they cannot recover, RBI Deputy Governor MK Jain warned.

For digital financial inclusion to succeed, it is not enough to bring people into the digital economy. In his keynote address at an international event on “Cyber ​​Security Practice for the Banking Sector” in Mumbai, all stakeholders should ensure that people are resilient against the risks they are likely to be exposed to, Jain said in his keynote address.

He pointed out that financial inclusion aims to provide access to financial services for disadvantaged and marginalized populations, and rapid steps have been taken in this field thanks to digital public infrastructures.

However, this population is more vulnerable to cyber risks due to their lack of cyber security awareness.

Jain emphasized that understanding emerging financial stability vulnerabilities from a cyber perspective is critical because current capital and liquidity prescriptions may not mitigate the impact of a cyber event in the same way they mitigate financial losses.

For example, capital and liquidity can provide the financial resources to respond to a cyber incident but may not expedite the recovery of systems or data.

Cafe attack

“Cyberattacks can disrupt critical financial operations within banks, leaving them unable to process transactions, access customer accounts, or carry out essential functions.

This disruption can lead to a loss of confidence in the banking system, as customers and businesses may experience difficulties accessing their funds or conducting normal financial activities. Jain said such disruptions can lead to financial instability, especially if it affects several banks or is prolonged.

The Deputy Governor noted that improvements in service offerings, such as longer operating hours for payment systems and a shorter clearing and settlement window, leave the financial system with fewer service breaks through which to restore operations after a cyber incident.

He added that uncertainty about the nature and extent of the incident may also trigger counterparties, competitors or unaffected segments of the financial entity’s operations.

“While there is intense ongoing supervisory interest in cyber resilience at the entity level, data gaps remain. At the entity level, there is a need for consistent data on cyber incidents.

“At the system level, there is a need for data metrics related to digital interdependence and the speed with which backup systems can be rapidly enabled,” Jain said.

The deputy governor said cyber-attacks should become more costly and more dangerous for perpetrators through effective measures to confiscate proceeds of crime and prosecute offenders. He added that the intensification of international efforts to prevent, disrupt and deter attackers would reduce the threat at its source.