From June 2018 to March 2022, Indian banks confirmed 248 successful data breaches by cybercriminals and cyberhackers, the Government of India notified Parliament in a session on August 2. The majority of these said data breaches involved card information data breaches as well as the exploitation of both commercial and non-business data, Union Minister of State for Finance Bhagwat Karad stated in a statement to the assembly. According to the minister, out of the total 248 successful data breaches, public sector banks reported 41, private sector banks reported 205, and overseas banks experienced two.
In response to a query regarding data security in the banking and insurance industries, Karad said, “The Reserve Bank of India (RBI) has informed the Centre that it has issued guidelines on Cyber Security Framework for Scheduled Commercial Banks (SCBs), whereby banks are required to implement cybersecurity and IT (information technology) controls, among other things, for prevention of data leakage from its systems.”
“Banks have also been directed to strengthen IT risk governance framework which mandates active role by their Chief Information Security Officer besides an active involvement of the Board / IT committee of the Board in ensuring compliance with the required standards,” Karad added.
In the instance of a violation, RBI may alert the offending bank’s administration, requesting that they take corrective steps within the allotted period. Additionally, the RBI may suggest that the bank’s administration and board look into and discipline the appropriate staff members and senior officials within a given time frame. In addition, financial penalties could be imposed for standard violations as a type of regulatory action. According to an IBM analysis, security breaches in India cost businesses and industries an average of Rs 17.6 crore in FY22.
On July 19, the Ministry of Home Affairs informed Parliament that, as of June 2022, there had been 674,021 cyber security incidents. In response to a question in the Lok Sabha, Minister of State for Home Affairs Ajay Kumar Mishra stated that there had been around 3.94 lakh cyber security incidents in 2019, 1.15 lakh in 2020, and 1.40 lakh in 2021.
Earlier on Tuesday, the Reserve Bank of India had expressed “grave concern” regarding the release of banking inspection reports via RTI, and warned the Supreme Court that such revelations might violate the confidentiality clause affixed to bank information about specific people and businesses and have a negative impact on the economy.