Context
The International Monetary Fund (IMF) report titled “Cyber Risk: A Growing Concern for Macrofinancial Stability” presents a concerning picture of the increasing threats posed by cyber incidents to the financial sector.
Key Findings from Global Financial Stability Report 2024
- Increased Cyberattack Risks: The rise of digitisation, evolving technologies, and growing geopolitical tensions are creating increased cyberattacks, potentially jeopardizing global financial stability.
- Increased Attack Surface for Cybercriminals: According to CyberPeace, a Delhi-based think tank focused on policy-making around cybersecurity, the rise of financial technology (fintech) and digital banking services significantly increased the attack surface for cybercriminals.
- Surge in Card and Internet Fraud Cases: According to a recent Reserve Bank of India (RBI) report, there is a surge in card and internet fraud cases in the first quarter of FY24, with total damages reaching Rs. 630 crore.
Enroll now for UPSC Online Course
- Exploitation of Digital Vulnerabilities: These digital vulnerabilities are being exploited by cybercriminals to steal sensitive financial information, leading to substantial financial losses.
- There is a growing reliance of financial institutions on third-party IT service providers.
- These dependencies introduce additional vulnerabilities, as a cyberattack on a single service provider could potentially impact multiple financial institutions.
- Threat of Cyber Attacks and Data Breach: As per the global risk management survey focused on India by financial services firm Aon, the threat of cyber attacks and data breach were the top risks in the global financial market as well as in India (accounting for 18.3% of the losses incurred).
- Risks of Systemic Threat: The report warns that severe incidents at major financial institutions could pose a systemic threat, causing a loss of confidence, disruption of critical services, and even spillovers to other institutions due to interconnectedness.
- While cyber incidents have not yet been systemic, the risk of extreme losses for firms – estimated to be at least $2.5 billion – has grown considerably.
- Moreover, indirect losses tend to be substantially larger than reported direct losses, further amplifying the financial impact.
- Mitigating Risks: The analysis suggests that more developed cyber legislation and better cyber governance at firms can help mitigate such risks.
Financial Stability Board (FSB): An international body that monitors and makes recommendations about the global financial system.
- Mandate: Promote coordination and information exchange among authorities responsible for financial stability.
- Headquarters: Basel, Switzerland.
- Its decisions are not legally binding on members.
- India is a Member of the FSB.
Asia Pacific Economic Cooperation (APEC):
- About: It is a regional economic forum that was established in 1989.
- Aim: To leverage the growing interdependence of the Asia-Pacific and create greater prosperity for the region’s people through regional economic integration.
- Function: It operates based on non-binding commitments with decisions reached by consensus and commitments undertaken voluntarily.
- Membership: Australia, Brunei, New Zealand, Papua New Guinea, Hong Kong (as part of China), the Philippines, Indonesia, Malaysia, Vietnam, Singapore, Thailand, Chinese Taipei (Taiwan), China, Japan, South Korea, Russia, Canada, the United States, Mexico, Peru, and Chile.
- India is not a Member.
|
- Role of International Cooperation: It can effectively respond to cyber incidents involving multiple countries.
- Collaborative efforts can enhance mitigation strategies and contribute to developing international norms and regulations governing cybersecurity.
- Financial crimes like cyberattacks often transcend national borders, making coordinated efforts crucial.
- Strengthen Global Cybersecurity Defenses: There is a need for information sharing, best practices, and resource collaboration to strengthen global cybersecurity defences.
- Need for Global Action: The report calls for global action to address the rising threat of cyberattacks on the financial sector.
Global Cyber Preparedness Levels
- Inadequate Preparedness: The IMF survey of 51 countries revealed that many financial supervisors still lack robust cybersecurity regulations or resources for enforcement.
- 56% do not have a national cyber strategy for the financial sector
- 42% do not have dedicated cyber security or technology risk management regulations
- 68% lack a specialized risk unit as part of their supervision department
- 64% do not mandate testing and exercising cyber security measures or provide further guidance
- 54% lack a dedicated cyber incident reporting regime
- 48% do not have cybercrime regulations.
Key Recommendations Highlighted in Global Financial Stability Report 2024
-
Strengthening National Cybersecurity Frameworks:
- Countries must develop robust national cybersecurity strategies tailored to the financial sector.
- These strategies should include clear roles and responsibilities for government agencies, financial institutions, and other stakeholders.
-
Enhancing Regulatory Frameworks:
- Regulatory frameworks for cybersecurity in the financial sector need to be strengthened and consistently enforced.
- This includes mandating minimum cybersecurity standards for financial institutions and service providers.
-
Building a Capable Workforce:
- There’s a growing need to invest in building a skilled cybersecurity workforce.
- This includes training and education programs to equip professionals with the necessary expertise to identify, prevent, and respond to cyber threats.
-
Fostering International Cooperation:
-
- Countries should collaborate on information sharing, best practices, and joint investigations to disrupt cybercriminal activities.
-
- A strong cybersecurity culture within financial institutions is essential.
- This involves raising awareness among employees about cyber threats and best practices for protecting sensitive information.
-
Prioritization of Cybersecurity Measures by Third-party IT Service Providers:
- This includes implementing strong encryption protocols, conducting regular security audits, and adhering to best practices for data security.
- Financial institutions should conduct thorough due diligence when selecting third-party vendors and ensure contractual obligations regarding cybersecurity are clearly defined and enforced.
Status of India’s Financial Sector
- Challenges in Dealing with Cyber Threats: India’s financial sector, while experiencing rapid growth, faces significant challenges in dealing with cyber threats.
- Smaller financial entities lack the resources and expertise to combat sophisticated cyberattacks effectively.
- Cyber Attacks: As per a December 2023 report by the RBI, the Indian financial sector was confronted with more than 13 lakh cyber-attacks between January and October 2023.
Enroll now for UPSC Online Classes
Government Interventions to Combat Cyber Threats
- Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS): It has been developed for quick reporting of financial cyber frauds and monetary losses suffered due to the use of digital banking/credit/debit cards, payment intermediaries, UPI, etc.
- Digital Personal Data Protection Act, 2023: It aims to provide strong protection and privacy of personal data.
- RBI’s cybersecurity framework: It outlines requirements for banks and other financial institutions to establish robust cybersecurity practices.
-
- These practices include risk assessment, incident response, and information-sharing mechanisms.
- Cyber Security Operations Center (C-SOC): It acts as a centralised hub for monitoring and responding to cyber incidents.
- Cyber Crisis Management Plan (CCMP): It aims to enhance the financial sector’s resilience against cyber threats.
- The CCMP provides a structured approach for managing cybersecurity crises and coordinating response efforts among stakeholders.
Also Read: Indian Cyber Threat Report 2023: Key Findings