Individuals can lose trust if they are brought online in the name of financial inclusion only to be exposed to cyber harms that they cannot recover from, cautioned RBI Deputy Governor MK Jain.

“For digital financial inclusion to be successful, it is not enough to bring people into the digital economy. All the stakeholders must ensure that people are resilient against the risks they will be likely exposed to,” Jain said in his keynote address at an international event on ‘Cyber security exercise for banking sector’ in Mumbai.

He observed that financial inclusion aims to provide access to financial services for the underserved and marginalised populations, and rapid strides have been made in this area facilitated by digital public infrastructures.

However, these populations are more vulnerable to cyber risks due to their lack of awareness about cybersecurity.

Jain underscored that understanding financial stability vulnerabilities emerging from cyber perspective is critical because existing capital and liquidity prescriptions may not mitigate the effect of a cyber event the same way they mitigate financial losses.

For instance, capital and liquidity can provide the financial resources to respond to a cyber incident but may not speed up the process of recovering systems or data.

Cyber-attacks

“Cyber-attacks can disrupt critical financial operations within banks, rendering them unable to process transactions, access customer accounts, or execute essential functions.

“This disruption can result in a loss of confidence in the banking system, as customers and businesses may face difficulties in accessing their funds or conducting normal financial activities. Such disruptions can lead to financial instability, especially if they affect multiple banks or are prolonged,”Jain said.

The Deputy Governor observed that enhancements in service offerings, such as longer operating hours of payment systems and shorter clearing and settlement windows, leave the financial system with fewer service breaks in which operations can be restored after a cyber incident.

Uncertainty about the nature and extent of an incident may also prompt runs on counterparties, competitors, or unaffected segments of the financial entity’s operations, he added.

“While there is extensive ongoing supervisory attention to entity-level cyber resilience, data gaps remain. At the entity level, there is need for consistent data on cyber incidents.

“At the system level, relevant data measures of digital interdependencies and the speed with which backup systems can be quickly enabled, are required,” Jain said.

The Deputy Governor said cyber-attacks should become more expensive and riskier for the perpetrators through effective measures to confiscate proceeds of crime and prosecute criminals. Stepping up international efforts to prevent, disrupt and deter attackers would reduce the threat at its source, he added.