Reserve Bank of India has expressed concerns over risks arising from financial institutions' dependence on artificial intelligence and third-party information technology. This risk could intensify in tightly interconnected institutions, the central bank said in its bi-annual Financial Stability Report.
A major cyber incident in these IT service providers may in turn impact multiple regulated entities simultaneously, causing a cyberattack on a system-wide level. «In the recent past, multiple incidents involving payment and settlement systems have led to significant disruptions in interbank transactions and payment failures,» the report stated.
"Cyberattacks are found to swell during periods of political and economic uncertainty such as geopolitical tensions, with disruptive consequences," it added.
Most of these incidents involve threat actors leaking an institution's information such as card data, customers' KYC details, and KYC documents on the dark web, social media or public platforms for sale.
Among different segment of lenders, urban cooperative banks (UCBs) have seen highest share — 41% — of 'high risk' cyberattacks among all regulated entities. Attacks such as social engineering, application security and ransomware vulnerabilities were the most common in the last fiscal. The Reserve Bank of India had issued directions on outsourcing of IT services, which stipulate that regulated entities should report cyber incidents within six hours of detection by third-party service providers.
The number of publicly