RBI lays down new tier-wise cyber security guidelines

RBI laid down a set of new cyber security guidelines for urban cooperative banks, in the wake of a rising number of cyber attacks in the recent past. RBI said that it has become essential to enhance the security posture of UCBs to prevent, detect, respond to, and recover from cyber-attacks. The central bank further said that considering the heterogeneity of the UCB sector in terms of size, regions, financial health, and digital depth, it was recognised that a ‘one size fits all’ approach may not be suitable while prescribing cyber security guidelines for UCBs.

Based on risk exposure in terms of the digital services offered by the UCBs, a differentiated tier-wise approach will be followed while prescribing cyber security controls for UCBs. The Reserve banks said that the approach will ensure that the UCBs with high IT penetration and offering all payment services are brought at par with other banks having mature cyber security infrastructure and practices. The Board of the UCBs will have the responsibility to implement the cyber security controls.

However, the cost of enhanced security may also reach to the bank customers. Considering that implementation of the cyber security framework would be a cost-intensive process, the responsibility for implementation, monitoring, compliance, and the response would have to be assigned from the Board level and percolate down till the end-user, RBI added.

RBI’s ‘Vision for Cyber Security’ for UCBs – 2023 includes a five-pillared strategic approach, which are Governance Oversight; Utile Technology Investment; Appropriate Regulation and Supervision; Robust Collaboration; and Developing necessary IT, cyber security skills set. Meanwhile, for the UCBs with higher digital depth, the IT/IS Governance Framework would include appointing a Chief Information Security Officer (CISO) and setting up various committees such as IT Strategy Committee, IT Steering Committee, etc.