By Sohini Banerjee and K.S. Roshan Menon
The World Economic Forum’s 2021 report on global risks featured cyber threats as among the most significant risks to society and the economy. At the outset, it is worth noting two key factors at play. First, the financial services sector has been a prime target for threat actors; and second, the nature of cyber risk that financial entities are exposed to has changed over the last few years. The driving agents of both the abovementioned factors look alike. The financial services sector processes vast troves of personal data, and makes use of rapidly evolving technology to deliver their services better. Further, financial entities companies are becoming more decentralised in their operation – with an increasing number of linkages being developed between financial entities and external service providers. These factors complicate what constitutes robust cybersecurity risk management.
In this post, we advocate for a resilience-based approach to cybersecurity in the Indian financial services sector. We believe that adopting an approach of ‘cyber-resilience’ would help players to adequately guard against cyber-attacks, as well as respond to and recover from a potential cyber-attack. A cyber resilient approach would ensure that regulated entities are able to protect themselves, their customers, as well as the entire financial services sector.