RBI asks banks to put in place cyber-security policy

RBI on Thursday asked banks to immediately put in place a cyber-security policy to tackle internet-based threats to the banking system.

"In view of the low barriers to entry, evolving nature, growing scale/velocity, motivation and resourcefulness of cyber-threats to the banking system, it is essential to enhance the resilience of the banking system by improving the current defences in addressing cyber risks," the Reserve Bank said in a notification.

It further said that the cyber security policy should be separate from the broader IT policy so that it can highlight the risks from cyber threats and the measures to address / mitigate them.

Noting that the use of technology by banks has gained momentum, RBI said the number, frequency and impact of cyber incidents/attacks have increased manifold in the recent past, more so in the case of financial sector.

This underlines the urgent need to put in place a robust cyber security/resilience framework at banks and ensure adequate cyber-security preparedness among banks on a continuous basis, it said.

The central bank said a Cyber Crisis Management Plan (CCMP) should be immediately evolved and should be part of the overall Board approved strategy. "CCMP should address the following four aspects - detection, response, recovery and containment," RBI said.