Cybersecurity Governance

Cyber risks form an integral part of the Bank’s enterprise risk management framework. The Bank is committed to keeping pace with the changing threat landscape and has a dedicated team for cyber/information risk management. The Board provides robust oversight and receives regular updates from the Information Security Group (ISG) of the Bank.

The Bank has an Information and Cybersecurity Governance framework that helps it mitigate growing cybersecurity threats. Cybersecurity governance encompasses management oversight at various levels, with ultimate responsibility assumed by the Board of Directors.


The Executive Committees have diverse cross-functional members and well-defined terms of reference. Proceedings of these Committees are reported to the IT Strategy Committee. Additionally, the Bank maintains multiple Key Risk Indicators (KRIs) and dashboards to review system stability, continuity and availability, and network uptime. The Bank also has a well-defined Information Security Policy, Cyber Security Policy, and Information Security Standards and Procedures. These policies have been designed by drawing on several standards and regulations, including the RBI Cyber Security Framework, the National Critical Information Infrastructure Protection Centre (NCIIPC) Guidelines for Protection, the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool, the SEBI Cyber Security and Resilience Framework for Stock Brokers/Depository Participants, the IRDA Guidelines on Information and Cyber Security for insurers, and the Unusual Cyber Security Incidents framework. The Bank has also incorporated industry best practices, such as those of the National Institute of Standards and Technology (NIST), and the regulatory requirements of other jurisdictions in which the Bank operates. Further, periodic internal and external audits are undertaken and the findings of these assessments are incorporated. The Bank’s Data Centre and Security Operations Centre are ISO 27001 certified.

The Bank has a 24x7 Security Operations Centre for monitoring and surveillance of its information technology systems. Given the criticality of data protection, the Bank has deployed a Data Leakage/Loss Prevention (DLP) system with data protection rules covering exposure of sensitive data from the Bank’s endpoints, emails and web gateways.

ISO 27001 is an international standard for information security management.

A diagram illustrating the governance structure for Information Technology, including the Board of Directors, Board Sub-Committees (IT Strategy, Risk, and Audit Committees), and Executive Committees (IT Steering, Information and Cybersecurity, and Business Continuity Management Steering Committees).
A diagram outlining the controls for IT infrastructure categorized into three areas: Preventive Control (including Application Security Life Cycle, Firewall, and DDoS Mitigation), Detective Control (including SOC Monitoring, Web Application Firewall, and NOC Monitoring), and Responsive Control (including Incident Response Plan and Cyber Crisis Management Plan).

There were no material incidents of security breaches or data loss during fiscal 2024.