The banking industry is now seriously concerned about the issue of cybercrime as attacks get more frequent. The fast-growing digital lending sector, which aims to get the next 500 million customers onto digital platforms, is beginning to understand the significance of cybersecurity as traditional banking firms have been addressing this threat. It is encouraging that the Reserve Bank of India’s new guidelines on the digital lending segment included a section on addressing cybersecurity given the growing concerns in the field of digital lending.
Is India still using a top-down approach to cybersecurity?
In terms of monetary value, cybercrime is now the most prevalent. It has surpassed illegal drug trafficking, which was formerly the most valuable crime. Also, the pandemic and subsequent shutdown increased cybercriminal activity. Individuals must also take responsibility to avoid being deceived by cyber thieves. People must ensure that our data is protected as much as possible. When it comes to organizations, aside from regulatory difficulties, businesses are also aware of the need to protect client data.
Banks are significantly more evolved in this regard. In India, security is a considerably more regulated industry. People have seen a lot of smart security procedures used in banking, particularly among fintechs. The top-down strategy is clearly favored, but the bottom-up approach is also essential, as they must educate end-users and ensure that, in addition to implementing security procedures, consumers are also well informed of security concerns.
According to a recent study, financial institutions are 300 times more vulnerable to cyberattacks than any other industry, and the cost of resolving a cyberattack in the financial services industry is 40% more than in any other. It’s a no-brainer, because financial gain is one of the primary reasons a malicious attacker penetrates our system. Increasing cyberattacks in the banking and business worlds are making senior executives more conscious of the need for security.
In India, we have a great deal of responsibility for protecting our systems, adopting a more disciplined approach, and thereby protecting our clients and end-users. We have a highly systematic and worldwide strategy and a global information security office. This provides thinking leadership and guidance. Our strategy is based on four key pillars: protect, detect, respond, and communicate. As a global fintech, we take a bottom-up approach that is founded on three critical basic aspects: people, process, and technology.
Do new-age FinTech have a different perspective on cyber threats?
Every fintech company aspires to be a bank, and banks aspire to be fintechs. So, how can you approach consumer security differently? Customer protection and data privacy, among other things, are central to the RBI rules. Customers are at the center of how start-ups view technology and its adoption. That is how they are able to grow their company. Fintechs are far ahead because they must ensure that the consumer is satisfied and that their experience is not hampered by any issues. Fintechs are better at implementing cybersecurity practices. Depending on the business, large organizations are implementing cybersecurity and teaching their personnel on the do’s and don’ts.
Are the RBI’s new guidelines for digital lending more prospective or prescriptive?
This is the first time that guidance is proactive and demonstrates how to develop a business with the proper guidebook. It arrived a little early. It provides a clear path to growth, eliminating any uncertainty about how to create a company in this market. It also lays out obvious paths for structuring your organization. We have seen markets expand rapidly whenever the regulator lays out clear paths. What is increasingly crucial is that rules are growing more progressive, while fintechs are struggling due to a large amount of compliance labor. But, what remains is a highly clear black and white product. It has also gained access to significantly larger capital pools and co-lending opportunities.
What best practices are followed in this market, especially in light of increased cybersecurity concerns, and how is compliance seen among digital lenders?
Banking and other industries are already heavily regulated. So, they are not required to comply. The issue arises for small businesses, or MSMEs, that find it difficult to comply with a plethora of different requirements. As a result, we need clear rules for what regulations must be obeyed. The more clear it is, the less it appears to be a burden. Compliance should never be viewed as a burden on the business side because it ensures a better client experience.
Hacking an ID or account has the same effect on a user in a city as it does on one in a small town. The reputational damage is the same whether a single client is hacked or a million customers’ data is compromised. Security is like building a railroad; you build it to last for every client.
Digital adoption, cloud migration, and cyberattacks are all here to stay. When a company takes one step forward, the attackers take ten. Cybersecurity is about taking calculated risks rather than eliminating threats. How well can you learn from what has happened, and how can you harden your processes and controls to recover more quickly when anything goes wrong? Whether it is the next 500 million people entering the world’s largest digital adoption world, cybersecurity should be a part of it.