Banks need to train their employees on cybersecurity!
Cybersecurity threatens business continuity and is now more a business issue than an information technology issue.
Tealfeed Guest Blog
- At Citigroup, about 360,000 customer accounts were compromised and the bank was forced to reissue 218,000 new cards.
- Under Basel II norms, banks with better cybersecurity preparedness will need less capital, freeing up cash for more productive use.

HELPS IN COMPLIANCE:
- A working committee has recommended making cybersecurity audits mandatory through an appropriate amendment to the listing requirements under the Companies Act in India.
- The Reserve Bank of India has already mandated that banks have a board-approved cybersecurity policy, and that this policy be distinct from the information security policy.
MAKES IMPLEMENTING POLICIES EASIER:
- Employees gain information uniquely relevant to current bank risks and management concerns.
BUILDS CONFIDENCE IN THE MARKET:
- Employees are able to better explain security features.
- Reduces cyber insurance premiums.
Fertile ground for creating new cybersecurity professionals, who are scarce in the industry.

Helps future employees to remain aware of the implications of digital activities they undertake.
- According to a survey conducted by PwC in 2015, a little less than half (46%) of the respondents said that current employees expose their organization to security incidents.
CONFIDENTLY HANDLE CUSTOMER QUERIES ON SECURITY:
- Various banking firms are spending millions of dollars on educating customers about adhering to security principles. Trained employees can ascertain the effectiveness of the first touchpoint.
UNDERSTAND CYBERSECURITY PROCESSES:
- According to a survey conducted by PwC in 2015, nearly 34% of respondents held former employees responsible for security incidents. This indicates that companies need to establish greater rigour in their exit-related processes and make sure that all user accounts and access are deactivated upon separation.
HELPS IN DETECTION AND RESPONSE AGAINST ANY THREAT IN A TIMELY MANNER:
- Ponemon, a leading research company in privacy and security, recently calculated the effectiveness of anti-phishing training programs. The least effective training program still had a seven-fold return on investment.

Democratize knowledge on cybersecurity so that some employees do not misuse their superior knowledge.
SUGGESTIONS:
- To start with, it should be mandatory for banking and financial markets professionals to go through initial training in cybersecurity. It should be part of the on-boarding process. They should also be tasked with propagating this knowledge to customers. The problem is that, with so many touch-points in the banking systems, it’s like leaving a gate open for an intruder if proper checks and balances are not put in place.
- There should be awareness workshops for the higher management teams in the banks.
- At a more technical level, rigorous, skill-based training for IT professionals should be put in place. Holistic frameworks propagated by institutions such as the National Institute of Standards and Technology (NIST) should be put into practice. All areas of cybersecurity, such as initiate, protect, detect, respond and recover, should be covered.
The magnitude of the potential threat is too large to be ignored. RBI has been very proactive in its directives, but it’s for the banks to follow.
Views expressed in this article are mine and not necessarily of my employer.
This article was originally published by Sumit K Jha.