The analysis of cyber incidents reported by regulated entities (REs) from January 2019 to March 2024 to the Reserve Bank reveals that scheduled commercial banks (SCBs) accounted for 69% of the incidents. Urban co-operative banks (UCBs) followed with 19%, and non-banking finance companies (NBFCs) with 12%.

UCBs reported the highest share of incidents (41%) in higher risk categories among all REs, as highlighted in the latest financial stability report (FSR).

Amongst the types of cyber incidents reported, social engineering incidents constituted the largest share.

Key Findings:

  • Rapid rise in incidents related to data leakage, application security, and ransomware attacks
  • Threat actors leaking REs’ data such as card data and customers’ KYC details on the dark web
  • Risks from dependence on common IT service providers like cloud service providers and data centre providers
  • Reserve Bank’s directions on outsourcing IT services to mitigate risks

Rising Cyber Risks

The report emphasized the increasing threat of cyber risks and the imperative need for robustness and high security in IT systems to ensure operational resilience. It highlighted that information systems must support business functions seamlessly and ensure availability across all service delivery channels.

Supervisory actions have been taken on REs where significant gaps were observed, especially in terms of downtime leading to customer service disruptions in digital financial services.

Conclusion

The ongoing monitoring and mitigation of cyber risks remain essential for the stability and resilience of financial institutions in the digital age.

Share this Article

Published on June 27, 2024