RBI asks banks to put in place cyber-security policy
The cyber security policy should be separate from the broader IT policy so that it can highlight the risks from cyber threats.
RBI on Thursday asked banks to immediately put in place a cyber-security policy to tackle internet-based threats to the banking system.
"In view of the low barriers to entry, evolving nature, growing scale/velocity, motivation and resourcefulness of cyber-threats to the banking system, it is essential to enhance the resilience of the banking system by improving the current defences in addressing cyber risks," the Reserve Bank said in a notification.
It further said that the cyber security policy should be separate from the broader IT policy so that it can highlight the risks from cyber threats and the measures to address / mitigate them.
Noting that the use of technology by banks has gained momentum, RBI said the number, frequency and impact of cyber incidents/attacks have increased manifold in the recent past, more so in the case of financial sector.
This underlines the urgent need to put in place a robust cyber security/resilience framework at banks and ensure adequate cyber-security preparedness among banks on a continuous basis, it said.
The central bank said a Cyber Crisis Management Plan (CCMP) should be immediately evolved and should be part of the overall Board approved strategy. "CCMP should address the following four aspects - detection, response, recovery and containment," RBI said.