Banks most affected by cybersecurity incidents: Economic Survey

The Economic Survey 2024-25 said banks were the most affected by cybersecurity incidents with reports indicating that almost one-fifth of all reported cyber incidents involve financial institutions. It said the Indian financial sector amid digital transformation was also exposed to increased and diverse cyber threats.

Also Read: Economic Survey 2024-25 Highlights

It said the digital revolution had concurrently introduced new challenges and threats, including the illicit use of cyberspace for criminal activities.

“These threats, ranging from phishing and ransomware to Distributed Denial of Service (DDoS) attacks, SMSing, and fake/malicious mobile applications, pose serious challenges to the financial system’s stability,” the report said.

The Survey stated that as per the information reported to and tracked by the Indian Computer Emergency Response Team (CERT-In), the number of observed and handled cybersecurity incidents stood at 11.6 lakh, 14 lakh and 13.9 lakh respectively during 2020, 2021 and 2022.

Sensitive data

“The financial sector remains susceptible to cyber threats because it manages sensitive data and conducts critical transactions. Criminals often target financial institutions to either gain unauthorised access to assets or disrupt financial activities, jeopardising economic stability. Reports indicate that almost one-fifth of all reported cyber incidents involve financial institutions, with banks being the most affected,” the report said.

According to International Monetary Fund’s April 2024 Global Financial Stability Report, cyberattacks have resulted in extreme financial losses, which have increased fourfold since 2017, amounting to $2.5 billion. Beyond these direct losses, indirect costs such as reputational damage and expenditures on enhanced security have also significantly risen, the report said.

India’s Tier 1 ranking in the Global Cybersecurity Index (GCI) 2024, with a commendable score of 98.49 out of 100, signifies a significant milestone in its cybersecurity journey. “This recognition places India among the world’s ‘role-model’ nations in cybersecurity,” the report said. The GCI evaluates national efforts across five pillars — legal, technical, organisational, capacity building, and cooperation.

The report said the Indian banking sector benefited from a comprehensive and modern regulatory structure for cybersecurity, guided by both international and national standards, adding that the Reserve Bank of India (RBI) had recently introduced regulations on the oversight of IT outsourcing, including cloud services, as well as standards for the cyber resilience of digital payments.

Also Read: Economic Survey 2024-25: full document, highlights

“India’s strong performance in cybersecurity is driven by a range of initiatives and measures implemented by the government to enhance cyber resilience and establish robust frameworks for cybercrime laws and cybersecurity standards. The country’s legal institutions are well-equipped to tackle cybersecurity challenges and combat cybercrime, ensuring the protection of its digital infrastructure,” the report said.