RBI has asked banks to immediately put in place a cyber security policy to tackle internet-based threats to the banking system. The RBI said that it is essential to enhance the resilience of the banking system by improving the current defences in addressing cyber risks. The central bank asked all scheduled commercial banks to specify potential risks as “low, moderate, high and very high” and said they must report all “unusual cyber-security incidents”. It also said the new cyber security policy should be separate from the bank’s broader information technology policy.

The number, frequency and impact of cyber incidents/attacks have increased manifold in the recent past, more so in the case of financial sector including banks, underlining the urgent need to put in place a robust cyber security/resilience framework at banks and to ensure adequate cyber-security preparedness among banks on a continuous basis.

The central bank said a Cyber Crisis Management Plan (CCMP) should be immediately evolved and should be part of the overall Board approved strategy.