Monday, June 17, 2024
HomeBusinessWhy it is important to build cyber-resilience for financial entities in India

Why it is important to build cyber-resilience for financial entities in India


Related stories A Comprehensive Guide To Localhost, Fixing, Configuring and Working

Technology has numerous terms that have unique importance and...

Which DNA test is the most reliable for determining paternity?

When it comes to determining paternity, DNA tests are the... Error: A Complete Understanding and fixing Tips!!

In the time of advancement, the secretive and cryptic...

5 Reasons AI Will Revolutionize Investment

If you’re an investor in the stock market, you...

Advantages of Financial Advisory Services in Retirement Planning

Planning for retirement can be both exciting and daunting....


The data breaches must be treated as evidence of a systemic cybersecurity concern that players and regulators must solve for, developing strategies for a secure financial cyberspace.

By Sohini Banerjee and KS Roshan Menon

India’s financial sector has a burgeoning cybersecurity problem. Recent cyber-attacks underscore the severity of this malaise. Mobikwik, the digital credit and payments processing start-up, reportedly suffered a data breach that allegedly compromised the personal data of nearly 10 crore users. The breach saw the compromise of sensitive data, including credit and debit information, with news reports suggesting that such data was consequently posted for sale on the dark web.

The Mobikwik data breach is not an isolated incident. Recently, payments processor JusPay acknowledged the breach of 3.5 million records of masked credit card and fingerprint data, noting that the vulnerability manifested from an isolated system that stored such data for display purposes. Commentators have been quick to draw linkages between the two breaches, identifying cybersecurity as a vital priority for start-ups in the financial sector.

These breaches must be treated as evidence of a systemic cybersecurity concern that players and regulators must solve for, developing strategies for a secure financial cyberspace. Cyber-resilience should be used as a means to achieve to identify a series of interventions that help build meaningful cyber-resilience for India’s financial sector.

Cyber-resilience refers to the three pronged process of building the ability of entities to proactively prepare for, respond to and recover swiftly from disruptions. Dupont defines the concept as “the capacity to withstand, recover from and adapt to the external shocks caused by cyber-risks”, indicating that the heart of resilience does not lie in simple ‘react-and-report’ approaches to cybersecurity. Instead, resilience focuses on the concept of capacity-building, stressing the need to promote a culture within financial entities that prioritises cybersecurity at various organisational and technical levels.

See also  The Personalized Photo Album

It is important to note that cyber-resilience is not a novel concept among Indian regulators. Instruments such as the Reserve Bank of India’s (‘RBI’) Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, 2011 placed emphasis on devising IT strategies to be ‘resilient to failure’. Further, the 2016 Circular on Cybersecurity Framework in Banks and the Master Direction on Digital Payment Security Controls, 2021 applied principles of resilience to novel financial products. These instruments focussed on securing financial data and evaluating the resilience of financial systems.

It is evident that regulators have sought to incorporate cyber-resilience into the working of financial institutions from an early stage. However, the continuing onslaught of data breaches, coupled with a perception of high cyber-risk among financial institutions, seems to suggest that the extant regulatory framework has failed to build effective resilience paradigms that tackle cyber-attacks.

We believe that the failure of such regulation lies in its inability to engage with resilience in a meaningful manner. A course-correction is in order, and for the same, we suggest three interventions.

First, regulation in India must define cyber-resilience. This has marked benefits – a broader definition can help the RBI shake off its ‘tech-first’ first approach to cybersecurity – accommodating other paradigms in securing cyber networks. This can in turn, make cybersecurity multi-disciplinary. Illustratively, security experts may collaborate with privacy scholars on design frameworks for secure processing of personal data. Frameworks for resilience that acknowledge such multi-disciplinary approaches can be further beneficial to regulated entities, who can then draw from more sources to devise risk-appropriate cybersecurity strategies.

See also  Australia stocks lower at close of trade; S&P/ASX 200 down 0.73% By

Second, the RBI’s approach should account for robust self-assessment. Presently, despite periodic references to self-assessment in its regulations, the approach of the RBI does not attempt meaningful engagement on self-assessment. A careful look at extant regulation indicates the absence of ‘checklists’ or a comprehensive study of resilience practices across regulated entities. Designing appropriate interventions on these counts can simplify resilience for financial entities.

Third, the RBI’s approach must account for the size or interconnectedness of a regulated entity. Scaling discards a ‘one-size fits all’ approach to cybersecurity, in favour of a risk-adequate response to building resilience. Under scaling, large or systemically important entities may be subject to enhanced compliance requirements (such as external audits or a designated cybersecurity officer), while smaller enterprises may comply with norms that impose minimal burdens. Scale-sensitivity allows for resilience to penetrate markets more meaningfully, ensuring cybersecurity for all.

Sohini Banerjee and KS Roshan Menon are Research Fellow and Research Scholar at Shardul Amarchand Mangaldas & Co. Views expressed are personal.

Follow us on Twitter, Instagram, LinkedIn, Facebook 

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

BrandWagon is now on Telegram. Click here to join our channel and stay updated with the latest brand news and updates.


Source link

Bellie Brown
Bellie Brown
Hi my lovely readers, I am Bellie brown editor and writer of I write blogs on various niches such as business, technology, lifestyle., health, entertainment, etc as well as manage the daily reports of the website. I am very addicted to my work which makes me keen on reading and writing on the very latest and trending topics. One can check my more writings by visiting

Latest stories