Raising the cyber security bar in the journey to a digital India
India continues to march towards its goal of bringing its 1.2 billion citizens into the fold of an all-digital economy. Based on presenceless, paperless, cashless and consent-based layers of infrastructure the country is moving quickly to establish an open platform for government, businesses and citizens to transact in an efficient, reliable and secure manner. But as the digital agenda of India is unfolding, the risks of cyberattacks are only growing and need to be addressed effectively. In this paper, SWIFT and Booz Allen Hamilton look at cyber trends globally and India, risks that exist in correspondent banking and the solutions for the community to respond to these threats.
This ambitious digitalisation project has made significant progress in recent years. Launched in 2010 the Unique Identification Authority of India (UIDAI) has achieved over 89% penetration. Approximately 1.1 billion Aadhaar identity cards, linked to biometric data, accessible over application programming interfaces (APIs) now facilitate authentication anytime, anywhere. The scheme underlies a new generation of national infrastructure services. Over 150 million paperless Know Your Customer (eKYC) transactions, 2.4 billion documents stored securely in DigiLocker, and 30 million digital and legally binding signatures, are early artefacts of this powerful India stack.
Financial services at the forefront of digital transformation
Indian regulators, financial institutions and market infrastructures are at the forefront of this digital transformation. More than 250 million bank accounts are Aadhaar linked. With initiatives such as de-monetisation, electronic payments surged over 13.5% in 2017. In nine months of service the National Payments Corporation of India’s (NPCI) Unified Payments Interface (UPI) saw 414 million transactions. This digital transformation is driven by new transaction schemes, growing digital transaction volumes, disruptive technology such as APIs, Cloud and Artificial Intelligence, and new fintech entrants, which continue to make financial sector participation an increasingly complex enterprise.
Increasingly sophisticated and persistent cyber threats
Unfortunately, sophisticated and persistent malicious actors threaten this transformation agenda. For the first time cyberattacks appear in the World Economic Forum’s (WEF) annual global risk report as the third highest risk, behind extreme weather events and natural disasters; just two years ago, in 2016, cyber was 10th in the WEF rankings. Cases of fraud, data breaches and ransomware are on the rise globally, causing significant disruptions and damage. India is no exception.
Cyberattacks are inevitable and cybersecurity should be assumed as part of the cost of doing business in a digital economy. To effectively responding to these threats requires collaboration between all stakeholders. Financial institutions, their vendors, regulators and government agencies must co-create new tools, establish market practices for information sharing and practice incident responses together. In India, the Prime Minister’s Office for Cybersecurity, CERT India, and the National Cyber Security Coordination Centre all play an important role in enabling the nation’s digital defence.
In order to support financial institutions, SWIFT also put together the Customer Security Programme in 2016 to empower its members and help the industry respond to this persistent threat.