Reserve Bank of India (RBI) has asked banks to immediately put in place a cyber-security policy to tackle internet-based threats to the banking system.
"In view of the low barriers to entry, evolving nature, growing scale/velocity, motivation and resourcefulness of cyber-threats to the banking system, it is essential to enhance the resilience of the banking system by improving the current defences in addressing cyber risks," the Reserve Bank said in a notification.
It further said that the cyber security policy should be separate from the broader IT policy so that it can highlight the risks from cyber threats and the measures to address / mitigate them.
Noting that the use of technology by banks has gained momentum, RBI said the number, frequency and impact of cyber incidents/attacks have increased manifold in the recent past, more so in the case of financial sector.
This underlines the urgent need to put in place a robust cyber security/resilience framework at banks and ensure adequate cyber-security preparedness among banks on a continuous basis, it said.
The central bank said a Cyber Crisis Management Plan (CCMP) should be immediately evolved and should be part of the overall Board approved strategy.
"CCMP should address the following four aspects - detection, response, recovery and containment," RBI said.