In absence of proper regulatory and supervisory capabilities, some regulators in Asia-Pacific region believe the next financial crisis might be triggered by a cyber attack, said a new report on cyber security.
According to Deloitte's ‘cyber regulation in Asia Pacific’ report, cyber attacks are increasing in frequency and sophistication and it is estimated that the cost of cybercrime can be up to $575billion per year, and the financial services sector is a key target. The report was released on August 17 across the globe.
"Cyber risks are only set to increase as financial institutions become more data-driven digital businesses, and as more financial services are delivered online. If cyber risks and responses are not well managed, it could even threaten the stability of the financial system,” said Kevin Nixon, global & Asia-Pacific leader, centre for regulatory strategy, Deloitte.
Only those financial institutions who have robust cyber security and cyber risk management will be able to retain customers, maintain trust and enhance their competitive edge, Nixon said.
On cyber regulations in India, Deloitte stated in the report, “Even though India is making leaps and bounds on the ‘Digital India’ initiative, it still does not have a cyber security framework.”
“The government has introduced the National Cyber Security Policy in 2013 to provide an umbrella framework for defining and guiding actions related to cyber security… While the policy was well received, it has lacked an implementation framework and is yet to be adopted by (electronics and IT) industry,” the report noted.
Regulators and agencies are scrambling to conduct cyber audits of IT and network infrastructure of their respective sectors in order to identify the gaps and to put in place remedial measures, said Shree Parthasarathy, partner – risk advisory services, Deloitte Touche Tohmatsu India LLP.
“While we go digital, India Inc and the government have to embrace the fact that cyber security is not an option. We need to accelerate the pace of implementation of security measures, before it is too late and before citizens start losing trust the system,” he said.
The report noted that India's financial services regulators have been active in the cyber security space.
As early as 2011, the RBI released a comprehensive set of guidelines on information security, electronic banking, technology risk management and cyber frauds.
In June 2016, the RBI issued a circular on cyber security frameworks in banks that sets out detailed guidelines for such financial institutions.
“The RBI is also planning on conducting annual cyber audits and has established a specialised cell (C-SITE) to conduct detailed IT examinations of banks' cyber security preparedness, to identify the gaps and to monitor the progress of remedial measures,” the report said.
It also highlighted the work being carried out by Insurance Regulatory and Development Authority and Securities and Exchange Board of India in cyber security.