March 2019
« Feb    

Taking on cyber threats in Indian Banking – The Sensible way

Harun R Khan, Deputy Governor, Reserve Bank of India

Harun R Khan, Former Deputy Governor, Reserve Bank of India

 By  Harun R Khan, Former Deputy Governor, Reserve Bank of India

For the financial sector specifically, there is a need to look into the extant IT environment,

since there is a feeling that the IT infrastructure at most financial firms is fragmented and inconsistent.

The financial sector industry rests on trust and credibility, and increasing cybercrime is threatening this basic premise. According to a report released by the British Bankers’ Association (BBA) in association with PwC, ‘defending and countering cyber-attacks whilst keeping up-to-date with evolving regulations and policy is a complex challenge’.

As you know, cyber crimes are getting sophisticated and nuanced. Their perpetrators could be broadly categorised as ‘organised cyber criminals’ and ‘enemy state agents’. Motives could be anything ranging from corporate espionage to intellectual property rights to siphoning off funds. In all these, if we look at it seriously, the primary weapon is exploiting vulnerabilities. While they cannot be easily wished away, the only way corporates can tackle this is to be “proactive” about their “cyber resilience”.

In the case of a data theft last year at one of the global investment bank, what was disturbing was not the security breach per se but the fact that the hackers were inside their systems for close to two months before being noticed! Corporates need to put in place a robust business continuity management (BCM) plan (which is the broad theme of the last session of this summit) and perform business impact analysis. No corporate can afford to brush these off as trivial non-operating activities since the potential risks involve not only monetary loss but also reputation and legal risk which can simply demolish established businesses.

A survey indicates that 41% of economic crime was committed by employees within an organisation. How do we address this? Can we seriously think of examining the incentive-compatibility structures at our companies? Since risk is inherent in every business, in the absence of appropriate incentive compatibility structures, we may encounter behavioural patterns leading to decision making processes that de-risk the individual rather than taking the optimal decisions that would benefit the organisation. Such behavioural patterns may lead to functional paralysis and at times, to explosive business disruptions within the organisation.

 The sustainable solution for risk mitigation lies, to a great extent, in knowledge leadership. To progress from ‘me too’ business models which are all too vulnerable to disruptive onslaught from ever nimbler start-ups to ‘knowledge leadership’ is a significant leap. But India as a country has to make that leap in order to develop sustainable source of leadership. And such leaps will have to be enabled at our educational institutions, vocational or otherwise.More and more institutions of excellence must be encouraged to serve as incubators for legions of technology breakthroughs. The question we require to pose is what stops us from replicating such innovation centric knowledge hubs. Knowledge leadership doesn’t imply that Indian industry as a whole will be insulated from churning. After all there is only one company common between the Dow Jones index of the early twentieth century and twenty first century. It rather means that such leadership will entail that for every loser in such an enterprise, there are multiple winners.

Courtesy: RBI