The Reserve Bank of India (RBI) convened a conference in Hyderabad on January 24, 2024, bringing together Directors from select Urban Co-operative Banks (UCBs) of the Southern Zone. The conference aimed to address the escalating challenges of cybersecurity faced by UCBs and to enhance their resilience against cyber threats.
Governance in UCBs
The conference was themed around ‘Governance in UCBs: Combating Cyber Threats and Enhancing Resilience’. The RBI emphasised the importance of governance oversight over cybersecurity and the need for UCBs to invest in appropriate technology and skilled manpower. The RBI also urged the UCBs to implement the ‘Technology Vision for Cyber Security’ for UCBs – 2020-2023, which was released by the RBI in September 2020.
The ‘Technology Vision for Cyber Security’ for UCBs – 2020-2023 is a five-pillared strategic approach to strengthen the cyber security posture of the UCB sector. The pillars are:
- Governance Oversight: To ensure that the Board of Directors and senior management are responsible and accountable for implementing cyber security controls and complying with regulatory guidelines.
- Utile Technology Investment: To ensure that UCBs invest in secure and resilient IT infrastructure and systems that are commensurate with their digital services and risk exposure.
- Appropriate Regulation and Supervision: To ensure that UCBs follow a graded approach to cyber security regulation and supervision based on their size, regions, financial health and digital depth.
- Robust Collaboration: To ensure that UCBs collaborate with each other and with other stakeholders such as RBI, CERT-In, IDRBT, etc. to share best practices, threat intelligence and incident response.
- Developing necessary IT, cyber security skills set: To ensure that UCBs have adequate and qualified IT and cyber security staff and provide them with regular training and awareness programs.
Recent Data on Cybersecurity
According to the RBI, the number, frequency and impact of cyber incidents/attacks have increased manifold in the recent past, more so in the case of financial sector including UCBs. The RBI cited some recent data on cybersecurity incidents reported by UCBs:
- In 2020-21, 1,207 cybersecurity incidents were reported by UCBs, out of which 368 were successful attacks resulting in financial loss or data breach.
- In 2021-22, 1,534 cybersecurity incidents were reported by UCBs, out of which 472 were successful attacks resulting in financial loss or data breach.
- In 2022-23 (up to December 31, 2023), 1,762 cybersecurity incidents were reported by UCBs, out of which 538 were successful attacks resulting in financial loss or data breach.
The RBI also highlighted some common types of cyberattacks faced by UCBs, such as phishing, malware infection, denial of service, ransomware, credential compromise, web application attacks, etc.
Conclusion
The RBI concluded the conference by reiterating its commitment to support the UCB sector in improving its cyber security capabilities and resilience. The RBI also appreciated the efforts made by some UCBs in adopting innovative technologies such as cloud computing, artificial intelligence, blockchain, etc. The RBI encouraged the UCBs to leverage these technologies for enhancing their efficiency, customer service and competitiveness.