On Thursday, August 8, Reserve Bank of India (RBI) Governor Shaktikanta Das urged banks and financial institutions to enhance their IT and cybersecurity measures following a major global outage experienced by Microsoft. This outage caused significant disruptions across various sectors, including travel and finance. Das highlighted that such incidents underscore the risks associated with heavy reliance on major tech companies and third-party technology providers.
Das commented, "The recent unprecedented IT outage affected businesses worldwide. It demonstrated how a seemingly minor technical error can lead to widespread chaos. This incident has exposed our growing dependence on major tech firms and external technology solutions. Therefore, it is crucial for banks and financial institutions to develop robust risk management frameworks for their IT, cybersecurity, and third-party outsourcing operations to ensure operational resilience. The RBI has consistently stressed the importance of strong business continuity plans (BCPs) to handle such situations."
According to RBI statistics, the number of security incidents managed by the Indian Computer Emergency Response Team (CERT-In) surged from 53,117 in 2017 to 1,320,106 between January and October 2023. Over 80% of these incidents involve unauthorized network scanning, probing, and vulnerable services.
The RBI's currency and finance report indicates that global cybercrime costs are projected to reach $13.82 trillion by 2028, up from $8.15 trillion in 2023. Additionally, the average cost of a data breach has risen to $4.45 million in 2023, marking a 15% increase over the past three years.
In response to these escalating costs, many central banks have boosted their cybersecurity investment budgets by 5% since 2020. In India, the average cost of data breaches is $2.18 million in 2023, reflecting a 28% rise since 2020, although this remains below the global average. Phishing remains the most common attack method in India, accounting for 22% of all incidents, followed by stolen or compromised credentials at 16%.
On July 19, the RBI reported that India’s financial sector was largely unaffected by the global Microsoft outage. The regulator’s assessment revealed that only 10 banks and non-banking financial companies (NBFCs) experienced minor disruptions. The RBI noted that “most banks' critical systems are not hosted in the cloud, and only a few are using the CrowdStrike tool.”
The global Microsoft outage had caused disruptions to flights, banks, and businesses worldwide. Users encountered the infamous Blue Screen of Death error, which led to system crashes and restarts. The RBI had inquired whether customer-facing services, including branches, ATMs, mobile banking, and net banking, were operating normally following the technical issues experienced by Microsoft and its cybersecurity partner, CrowdStrike.
RBI Governor Shaktikanta Das: No Immediate Recession Concern for US, India Remains Resilient
RBI Increases UPI Tax Payment Limit to Rs. 5 Lakh: A Boost for Digital Transactions
RBI Holds Key Rates Steady for Ninth Consecutive Time, Focuses on Inflation and Growth
