The country’s financial sector regulators have been active in the cyber security space despite lacking an overarching framework in place, a report by consulting firm Deloitte on Cyber Regulation in Asia Pacific, said. Also Read - Ola to offer free oxygen concentrators to the needyAlso Read - Almost 60 percent of internet users in India fell prey to hacking in the last 1 year: Report
“India is making leaps and bounds on the digital bandwagon. While businesses are accelerating their adoption of digital and other emerging technologies, criminals and organized crime are not far behind,” Shree Parthasarathy, partner – Risk Advisory Services, Deloitte Touche Tohmatsu India, said.
India still does not have a cyber security framework and its National Cyber Security Policy lacked an implementation framework and is yet to be adopted by the industry, he said. Tohmatsu pointed out the recent outbreak of WannaCry (ransomware attack) was an awakening call for the country.
“While not many incidents were reported, it is hard to believe that India Inc was not affected,” he said, adding, “We need to accelerate the pace of implementation of security measures, before it is too late and before citizens start losing trust the system.” The report noted that financial regulators including the Reserve Bank of India, Insurance Regulatory Development Authority (IRDAI) and Sebi have all worked out measures. In 2011, the RBI released a comprehensive set of guidelines on information security, electronic banking, technology risk management and cyber frauds. Last year, it put out detailed guidelines regarding cyber for financial institutions. ALSO READ: Awareness is the only way to fight cyber crime: Experts
It is also planning to conduct annual cyber audits and has established a specialized cell (C-SITE) to conduct detailed IT examination of banks’ cyber security preparedness, to identify the gaps and to monitor the progress of remedial measures, the report said. In the insurance sector, IRDAI in April this year issued a cyber security framework for the sector and stated that all insurers must implement it by March 2018. SEBI is also planning on setting up a cyber security lab for the securities market during 2017 to 2018. ALSO READ: Scientists working on a new technology to protect credit cards and mobile transactions from hacking
There were reports that the regulator will appoint a chief information technology security officer to strengthen the cyber security regulatory policy framework. Looking into the horizon, additional standards or guidance on cyber security for financial institutions could be in the pipeline, given that the finance minister may be pushing for the set-up of a separate response team for cyber-attacks on the financial sector, the report said.