The government is working on creating a single framework for reporting breach of cyber security at financial institutions and a working group is soon likely to be formed, sources in the know told FE. “There is some progress on unification of the reporting mechanism. There have been some discussions,” a senior banker said. National cyber security coordinator Gulshan Rai is known to have got in touch with bankers with regard to the matter. At present, banks report incidents of breach in cybersecurity to the Reserve Bank of India (RBI), the Indian Computer Emergency Response Team (CERT-In), National Critical Information Infrastructure Protection Centre (NCIIPC) and the Indian Banks – Center for Analysis of Risks and Threats (IB-CART).
Industry players say the system of reporting to multiple entities and lack of standardisation of the nature and degree of cyber threats are two of the reasons behind poor reporting of security breaches in the country. The issue came to the fore in October 2016 when banks invalidated lakhs of debit cards as it had been feared that some of these may have been infected by the ATM network of a mid-sized private bank. The network, operated by Hitachi Payment Services, had been hit by a malware attack. In February 2017, Hitachi confirmed the security breach.Banks had come in for criticism last year as they had not made news of the security breach public even though they had been aware of it since August 2016.