MINISTER OF STATE IN THE MINISTRY OF FINANCE)
(a) to (e) Yes Sir. In order to strengthen the security of digital transactions, Reserve Bank of India (RBI) reviews cyber security developments and threats on an ongoing basis, and necessary measures are taken to strengthen the cyber resilience of banks. Cyber incidents are analysed from the point of view of sophistication of attack as well as systemic impact and are categorised as critical, high, medium or low. Wherever required, advisories/alerts are issued to all banks to avoid the occurrence of similar incidents in other banks. In order to focus more attention on IT-related matters, Reserve Bank set up a Cyber Security and IT Examination (CSITE) Cell within its Department of Banking Supervision in 2015, which carries out IT Examination of banks separately from the regular financial examination of the banks to assess their cyber resilience. The examination, inter alia, evaluates the processes implemented by banks for security checks like Vulnerability Assessment/Penetration Testing etc. and their follow-up action.
RBI has also set up a Cyber Crisis Management Group to address any major incidents reported, including suggesting ways to respond. Based on market intelligence and incidents reported by the banks, advisories are issued to the banks to sensitize them to various threats and to ensure prompt preventive/corrective action. RBI also conducts cyber security preparedness testing among banks on the basis of hypothetical scenarios with the help of CERT-In. An inter-disciplinary Standing Committee on Cyber Security has been constituted. The Committee, inter alia, reviews the threats inherent in existing/emerging technology and suggests appropriate policy interventions to strengthen cyber security and resilience.
RBI has set up an IT Subsidiary, which would focus, among other things, on cyber security within RBI as well as in regulated entities. RBI also issues circulars and advisories from time to time and one such comprehensive circular was issued on 2nd June, 2016.
RBI has also informed that data on frauds reported under the category ‘Cyber Frauds’ is not available. The data on frauds reported under the category ‘Card/Internet - ATM/Debit Cards, Credit Cards & Internet Banking’ for the recent months October 2019, November 2019 and December 2019 is in the attached Annexure.
Further, Insurance Regulatory and Development Authority of India (IRDAI) has issued detailed guidelines vide its Guidelines on “Information and Cyber Security for insurers” No. IRDA/IT/GDL/MISC/082/04/2017 dated 07/04/2017, covering various steps to be taken by insurance companies for effective management of cyber risks. The main objectives of these guidelines are to ensure that an in-built governance mechanism is in place for effective implementation of the information and cyber security framework and to ensure that insurers are adequately prepared to mitigate cyber security related risks.
Pension Fund Regulatory and Development Authority (PFRDA) has issued a detailed policy on cyber security for intermediaries and also for its own employees.
Source: RBI/PFRDA/IRDAI
*****
Annexure
Data on frauds reported by Scheduled Commercial Banks and Select Financial Institutions on the category ‘Card/Internet - ATM/Debit Cards, Credit Cards & Internet Banking’ for the recent months - October 2019, November 2019 & December 2019

| Type of Cyber Fraud | Oct-19: No. of FMRs | Oct-19: Amount Involved in Crores | Nov-19: No. of FMRs | Nov-19: Amount Involved in Crores | Dec-19: No. of FMRs | Dec-19: Amount Involved in Crores |
|---|---|---|---|---|---|---|
| Card/Internet - ATM/Debit Cards | 3376 | 73.65 | 3533 | 10.55 | 4149 | 10.33 |
| Card/Internet - Credit Cards | 1641 | 4.04 | 1711 | 4.77 | 2765 | 10.87 |
| Card/Internet - Internet Banking | 360 | 7.01 | 2256 | 4.31 | 1250 | 2.27 |
| Grand Total | 5377 | 84.70 | 7500 | 19.63 | 8164 | 23.47 |

FMR: Fraud Management Reports