Reserve Bank of India Deputy Governor S.S. Mundra has asked banks to articulate the role of chief information security officers (CISO) clearly as the central bank was not comfortable with banks’ approach to the significance of the role.
“The involvement of the board/senior management in appointing chief information security officers is becoming increasingly crucial,” Mr. Mundra said in a speech, which was put on RBI’s website on Thursday.
“It is important that CISO is sufficiently senior in hierarchy; understands technology well; appreciates the security aspects of all the technologies adopted by the bank; is responsive and is sufficiently enabled to stall launch of unsecure products, whenever necessary. However, ground realities do not provide the needed comfort,” he said adding that the role of CISO needs to be clearly articulated and reinforced immediately.
Banks, which are increasingly focussing on the digital mode of transactions, have faced several recent breaches of cybersecurity both in India and globally.
Recently, banks had to change debit card pins after security breach was detected at some ATMS of a particular bank.
“The scare that was created during the recent ATM/Debit card incident clearly indicates that cybersecurity requires top attention by the Board,” Mr. Mundra said.
Mr. Mundra said there had been a phenomenal push towards digital payment, following the withdrawal of ₹500 and ₹1,000 notes in November. “We need to be conscious of security aspects as well,” he said.