The country’s financial sector regulators have been active in the cyber securityspace despite lacking an overarching framework in place, a report by consulting firm Deloitte on Cyber Regulation in Asia Pacific, said.
“India is making leaps and bounds on the digital bandwagon. While businesses are accelerating their adoption of digital and other emerging technologies, criminals and organised crime are not far behind,” Shree Parthasarathy, partner – Risk Advisory Services, Deloitte Touche Tohmatsu India, said.
India still does not have a cyber security framework and its National Cyber Security Policy lacked an implementation framework and is yet to be adopted by the industry, he said.
Tohmatsu pointed out the recent outbreak of WannaCry (ransomware attack) was an awakening call for the country.While not many incidents were reported, it is hard to believe that India Inc was not affected,” he said, adding, “We need to accelerate the pace of implementation of security measures, before it is too late and before citizens start losing trust the system.”
The report noted that financial regulators including the Reserve Bank of India, Insurance Regulatory Development Authority (IRDAI) and Sebi have all worked out measures.
In 2011, the RBI released a comprehensive set of guidelines on information security, electronic banking, technology risk management and cyber frauds.Last year, it put out detailed guidelines regarding cyber for financial institutions.
It is also planning to conduct annual cyber audits and has established a specialised cell (C-SITE) to conduct detailed IT examination of banks’ cyber security preparedness, to identify the gaps and to monitor the progress of remedial measures, the report said.
Sebi is also planning on setting up a cyber security lab for the securities market during 2017 to 2018.
There were reports that the regulator will appoint a chief information technology security officer to strengthen the cyber security regulatory policy framework.