Cyber Security


While a hundred percent efficiency is difficult to achieve in any human process, maximizing cybersecurity resilience and bouncing back from an attack with minimal impact is imperative for all businesses. Organizations must invest in quality tools and define standard protection processes to stand firm in the face of an attack.

Our team of cybersecurity experts can help you ensure the following:

Identify and Protect

  • IT Governance
  • Identification of critical assets
  • Access controls
  • Physical security
  • Network security management
  • Security of data
  • Hardening of hardware & software
  • Application security and testing
  • Patch management
  • Disposal of systems
  • Vulnerability assessment & penetration testing

Detect and Respond

  • Monitoring Processes
  • External & internal implications
  • Detection of attacks on systems & network
  • Alerts & responses to unauthorized/abnormal systems

Remediate and Recover

  • Timely restoration of systems
  • Loss/destruction instructions being included as ongoing learnings
  • Periodic drills, training & audits
  • Information sharing & transparency

RBI & SEBI Guidelines

The Reserve Bank of India (RBI) and Securities Exchange Board of India (SEBI) Guidelines related to Cyber Security framework are meant to enable banks and other NBFC’s to formalize and adopt cybersecurity policies along with a cyber crisis management plan.

SEBI has issued a circular to maintain robust cyber security and resilience frameworks to protect the integrity of data and breaches against privacy. As a part of the operational risk management, there are requirements for all Mutual Funds (MF) and Asset Management Companies (AMC) to comply with circular SEBI/HO/IMD/DF2/CIR/P/2019/12 effective April 1, 2019

RBI provided guidelines on Cyber Security Framework vide circular DBS.CO/CSITE/BC.11/33.01.001/2015--16 dated June 2, 2016, where it highlighted the urgent need among banks to put in place a robust cybersecurity/resilience framework to ensure adequate cyber-security preparedness.

Who are these guidelines applicable to?

The guidelines apply to all Mutual Funds and Asset Management Companies regulated by SEBI and all banks regulated by RBI. They apply to all data created, received, or maintained, wherever these data records are and whatever form they are in, in the course of carrying out their designated duties and functions.

Impact of Non- Compliance

The cybersecurity guidelines, by large, can be mapped to the NIST framework, which was developed with a focus on industries vital to national and economic security.

Banks need to assess their Cyber Security preparedness under the active guidance and oversight of the IT Sub Committee of the Board or the Bank’s Board directly. The Banks also need to report to the Cyber Security and Information Technology Examination (CSITE) Cell of the Department of Banking Supervision, Reserve Bank of India; about the following:

  • Identified gaps w.r.t. Cyber Security/Resilience Framework.
  • Proposed measures/controls and their expected effectiveness.
  • Milestones with timelines for implementing the proposed controls/measures.
  • Measurement criteria for assessing their effectiveness, including the risk assessment and risk management methodology followed/proposed by the bank.