Continuous data breaches, together with the high level of cyber risk perceived by financial institutions, seem to indicate that the current regulatory framework has failed to establish an effective system for handling the cyber incidents taking place. The Indian financial industry is facing increasingly severe cybersecurity challenges.
Recently, the digital credit and payment processing company “Mobikwik” suffered a data breach, putting the personal information of nearly 10 million users at risk. According to reports, many users’ information has been sold for money on the dark web. Payment processor JusPay also admitted to leaking 3.5 million fake credit card records and fingerprint data. These unfortunate incidents should be seen as evidence of systemic cybersecurity issues that participants and regulators need to address during the development process.
Cyber resilience refers to the process of preparing for and estimating future data breach risks, and the ability to actively prepare for and respond to them. The Vision of Indian Regulators, the 2011 Reserve Bank of India (RBI) Information Security, Electronic Banking, Governance and Internet Fraud Guidelines, and other tools emphasized that IT strategic design must be “anti-jamming.” The 2016 Notice on the Banking Cyber Security Framework and the 2021 Digital Payment Security Control Directorate apply the principle of flexibility to new financial products. These tools focus on protecting financial data and assessing the resilience of the financial system.
It is necessary to adjust course, for which three interventions are required.
First, Indian regulators must encourage cyber resilience. This has important advantages that can help the Reserve Bank of India adapt to new cybersecurity paradigms and establish a disciplined cybersecurity hierarchy. Identifying such a flexible framework for interdisciplinary approaches may be more useful for regulated organizations, which can then consult more sources to develop risk-based cybersecurity strategies.
Second, the RBI approach currently does not involve any meaningful self-esteem participation. A study of existing regulations and their guidelines shows that there is no “checklist” or extensive research on sustainability practices in regulated organizations. Designing appropriate involvement strategies in these areas can build the flexibility of financial institutions.
Third, the RBI approach must consider the size of the links or connections that regulated organizations have, along with appropriate response measures to improve resilience. On a small scale, large or systemically important organizations may be subject to higher compliance requirements.