cyber security
www.pwc.in
Background
6LQFHEDQNVLQ,QGLDKDYHUDSLGO\DGRSWHGQHZHU A paradigm shift has recently been observed in attacks
technologies and digital channels, with the underlying exploiting the source, behaviour, motives and vectors. This
REMHFWLYHRILQFUHDVLQJIRRWSULQWVDQGUHYHQXHV:HKDYHDOVR indicates that
seen customer preferences shift towards digital platforms. the traditional
There is a perception, though, that the adoption of advanced RBI realises that banks multilayered
cyber security practices has not kept pace with the rate of defence that
evolution of core business-enabling technology. While in
need to take a holistic banks already
FRPSDULVRQWRVHYHUDORWKHUVHFWRUVEDQNVDUHGHQLWHO\VHHQ and integrated approach have is not
to be more proactive in investing and improving security towards cyber security adequate.
practices, such measures may still be inadequate considering operation transformation. Globally, there
WKHFKDOOHQJHVWKDWWKHLQGXVWU\LVIDFLQJWRGD\6RPH is a rise in
challenges with the traditional approach to IT security are: cyber security
incidents and
3UROLIHUDWLRQRIDWWDFNYHFWRUVDQGHQKDQFHGDWWDFNVXUIDFH several of them
3UROLIHUDWLRQRIGLJLWDODQGVKLIWLQJFXVWRPHUSUHIHUHQFH have been large-scale breaches, frauds and heists. The impact
RIVXFKEUHDFKHVGRHVQRWHQGZLWKVHULRXVQDQFLDOORVVEXWLQ
6RSKLVWLFDWLRQRIWKUHDW most cases, can also potentially erode substantial brand value.
actors and enhanced
targeting of banks
Inadequate
RBI has taken a step in the right direction by realising the
traditional IT inherent need for banks to strengthen their cyber security
4. Banking increasingly
operating as a boundary- security measures posture in the wake of the increasingly sophisticated nature
less ecosystem and quantum of attacks.
In many ways, this is an opportunity for banks to take a step forward and assess themselves with a view to improving their cyber
VHFXULW\SRVWXUH&KLHILQIRUPDWLRQVHFXULW\RIFHUV&,62VRIWLHUEDQNVVKRXOGVHL]HWKLVRSSRUWXQLW\WRHPEDUNRQDMRXUQH\
WRHVWDEOLVKLQJWKHQH[WJHQHUDWLRQRIF\EHUVHFXULW\GHIHQFHZKLOH&,62VRIVPDOOHUEDQNVVKRXOGORRNWRPRYHIURPDQ
asset-centric security approach to establishing a holistic baseline security programme. We believe that banks should guard
against taking a compliance-centric approach to the circular.
We believe that this circular will shift the cyber security needle for the banking industry largely in the following areas:
Challenges for Banks will need to take a risk-based approach while building
Siddharth Vishwanath
Partner, Cyber Security www.pwc.com/in
Tel: +91 (22) 66691559
siddharth.vishwanath@in.pwc.com
Sundareshwar Krishnamurthy
Partner, Cyber Security Data Classification: DC0
Tel: +91 (22) 6119 8171 This document does not constitute professional advice. The information
in this document has been obtained or derived from sources believed by
sundareshwar.krishnamurthy@in.pwc.com PricewaterhouseCoopers Private Limited (PwCPL) to be reliable but PwCPL
does not represent that this information is accurate or complete. Any opinions or
estimates contained in this document represent the judgment of PwCPL at this
Hemant Arora time and are subject to change without notice. Readers of this publication are
Executive Director, Cyber Security advised to seek their own professional advice before taking any course of action
Tel: +91 (124) 626 6717 or decision, for which they are entirely responsible, based on the contents of this
publication. PwCPL neither accepts or assumes any responsibility or liability to
hemant.arora@in.pwc.com any reader of this publication in respect of the information contained within it or
for any decisions readers may take or decide not to or fail to take.
PVS Murthy 2016 PricewaterhouseCoopers Private Limited. All rights reserved.
In this document, PwC refers to PricewaterhouseCoopers Private
Executive Director, Cyber Security Limited (a limited liability company in India having Corporate Identity
Tel: +91 (22) 66691214 Number or CIN : U74140WB1983PTC036093), which is a member firm of
pvs.murthy@in.pwc.com PricewaterhouseCoopers International Limited (PwCIL), each member firm of
which is a separate legal entity.
SUS/July2016-6734