
By Amar Patnaik
In the digital era, cybersecurity transcends mere information technology (IT) concerns to become a strategic cornerstone essential for maintaining the integrity and stability of a financial institution. Last year alone, India’s financial sector faced over 1.3 million cyber-attacks. The 54th report on “Digital Payment and Online Security Measures for Data Protection” by the Parliamentary Standing Committee on IT highlighted the need for tackling frauds and cybercrimes in the financial sector which faces a barrage of sophisticated attacks almost every day, compromising the security of vast amounts of sensitive data. There is a rise in cybercrimes related to digital payments with fraudsters increasingly exploiting vulnerabilities in real-time transaction systems.
The financial impact of these frauds amounted to Rs 5,574 crore in the first 10 months of 2023 alone, more than double the Rs 2,296 crore reported in all of 2022. According to the Reserve Bank of India (RBI) Financial Stability Report (December 2023), cyber incidents are distributed disproportionately among regulated entities, with scheduled commercial banks accounting for 69%, followed by 19% in the case of urban cooperative banks, and 12% in non-banking financial companies and the fintech sector. As financial services deepen their digital footprint, they have become prime targets for sophisticated cyber threats.
Social engineering, data leakage, and ransomware attacks are rising, with threat actors selling leaked data on dark web platforms. This trend exposes financial institutions to large losses and threatens trust in and stability of the financial system. To maintain financial sector reliability, these vulnerabilities must be addressed.
Forging alliances: Power of collective vigilance
Public-private partnerships bring together the sharpest minds in government, finance, and technology. Together, they can establish a cybersecurity alliance as a bulwark against cyber threats to the financial sector. For example, the UK’s National Cyber Security Centre collaborates closely with financial institutions through the Financial Sector Cyber Collaboration Centre to share cyber threat information and best practices. This cooperation has been crucial in responding to threats like the Log4Shell vulnerability. In the United States, the Treasury Department last year launched “Project Fortress”, a new public-private partnership to defend the financial system from cyberattacks. This initiative includes tools for financial institutions to scan for cyber vulnerabilities and share threat intelligence through the Cybersecurity and Infrastructure Security Agency’s Cyber Hygiene tool and a new automated threat information feed. These successful models provide a blueprint for India to develop its own robust cybersecurity alliances. By sharing threat intelligence and pooling defensive strategies, we are not just preparing to respond but ready to pre-empt sophisticated cyber threats. While the Indian Computer Emergency Response Team (CERT-In) provides essential advisories and information-sharing, it lacks the automated, real-time threat intelligence and proactive vulnerability scanning that are necessary for a robust defence.
Build technological superiority
Artificial intelligence (AI) and blockchain must be better integrated into cybersecurity frameworks to address emerging cyber threats in India’s financial industry. The RBI uses AI to monitor and analyse real-time data, but not for cyber threats. It also recommends blockchain innovation for cross-border payments, but adoption needs to improve. The government should invest in AI-driven predictive analytics, anomaly detection, and automated threat hunting in financial institutions to fill these gaps. The government may also encourage wider usage of blockchain technology by promoting data integrity, safe transactions, and setting clear norms and standards. Collaboration between the RBI and the National Payments Corporation of India, pilot programmes, and capacity-building will help achieve technological dominance and resilience against sophisticated cyberattacks.
Integration of cyber liability insurance
According to a Deloitte report, India’s cyber insurance market, projected to expand at a 27-30% compound annual growth rate over the next few years, highlights a critical need for integrating cyber liability insurance into cybersecurity strategies. Despite the Insurance Regulatory and Development Authority of India’s rules, smaller institutions need more policy clarity and coverage standardisation. Insurance providers must offer these products because cyber dangers are becoming more frequent and complicated, making cyber insurance imperative for risk management. High returns in an expanding market incentivise such insurers.
Globally, successful government cyber insurance integrations offer useful insights. Germany’s cyber insurance claim ruling specifies coverage and policyholder responsibilities, setting a precedent. The Federation of European Risk Management Associations encourages stakeholders to work together to balance insurers’ risk appetites and business purchasers’ coverage needs. This includes creating unified European Union cybersecurity standards for small and medium enterprises and incentivising cybersecurity investments through public awareness campaigns and government backing. India could think along similar lines.
Enhancement of RBI regulatory sandbox
While the RBI’s current regulatory sandbox framework tests functional viability and regulatory compliance, it lacks a focused mechanism for rigorous testing against sophisticated and evolving cyber threats. Two strategic RBI regulatory sandbox enhancements are proposed.
First, new financial products must undergo extensive cybersecurity simulations to assess their resilience to data breaches and advanced persistent attacks. Second, the sandbox needs a mechanism for periodic security reviews and scenario-based policy testing to secure existing financial products. Periodic reviews will uncover vulnerabilities that have arisen since launch owing to the evolving cyber landscape. Additionally, scenario-based policy testing should be broadened to thoroughly evaluate and improve cybersecurity policies for new and existing financial products.
A call to action
The stakes have never been higher. As the financial sector evolves, so must our strategies to protect it. By implementing these robust measures, we can ensure that our financial institutions are safeguarded against current threats and prepared for future challenges. This proactive approach is essential for maintaining the financial sector’s stability, integrity, and trust in the face of evolving cyber threats.
The writer is a lawyer and former Member of Parliament, Rajya Sabha.
Disclaimer: Views expressed are personal and do not reflect the official position or policy of FinancialExpress.com. Reproducing this content without permission is prohibited.