CISO Platform Taskforce
Release Date: 30 May 2024, Bangalore
Incident Reporting Regulations
for Banks in India
Taskforce Contributors
Deval Mazmudar
Cybersecurity Advisor – TJSB Bank
Ex-CISO IndusInd Bank
30-May-2024 Bangalore CISO Platform 2
Vision & Mission
Vision:
• To help CISOs new to the Banking community
understand and adhere to the ever-evolving
regulatory and other guidelines issued by various
authorities on Cybersecurity Incident Reporting.
Mission:
To prepare a playbook containing regulatory and
other guidelines to refer to, and something that can
be incorporated into a Bank’s Incident Response
Procedures and Crisis Management Plan.
Problem Statement
• There are several authorities and regulators that have
issued guidelines on reporting of Cyber/Security
Incidents for Banks. Which ones apply depends on
a Bank’s lines of business and the services it offers.
• When trouble strikes, we need documented
procedures – SOPs to refer to and follow – and not
what we feel could be the best course of action at
that point in time. The response needs to be consistent
across time and people: even if an incident happens
during holidays or off-business hours, the team must
follow the defined process.
Action Plan to Address Problem Statement
• Understand the line of business
• Identify the regulators and authorities of relevance
• Identify the incident reporting guidelines issued by the
regulatory bodies and the relevant authorities
• Identify organizational policies and reporting
requirements, as well as the expectations of top
management and the Board
Action Plan (continued)
• Once all of the above are identified, document them,
with the associated reporting templates, contact details,
etc., in a document such as Incident Reporting Procedures
and/or a Cyber Crisis Management Plan
• Get it reviewed by all the stakeholders and the
Information Security Committee
• Practice the plan with tabletop exercises, using
dummy contacts and role plays
Scope and Applicability
• The entire organisation.
• All locations – Datacenters, on-premises, co-located or cloud
• Internal Applications like HR, Audit, Compliance, Risk
Management, Procurement, Analytics
• External Applications like All Channels of Transactions, Channels
of Customer service, Corporate, Retail, Cards, Payments,
Analytics, Interfaces etc.
• Regardless of in-house or SaaS
• IT service providers like Software Development, Support, Infra,
Networks, Cloud, etc.
• Business service providers like BCs, DSAs, Call Centers,
Collection Agencies, Statement Printing, Card Embossing,
Payment Gateways, etc.
Whom to Report – obligatory
An Incident is reported to:
• RBI / CSITE
• CERT-In
• IDRBT
• IB-CART
• Cybercrime / Police
• SEBI
• IRDA
• DPB of India
• NPCI
• Visa / Master
• SWIFT
• NCIIPC
Whom to Report – discretionary
An Incident may be reported to:
• Cyber Insurer
• First Responders
• Forensic Investigators
• CCMT
• Board
• Customers
• Key Partners / Stakeholders
• Media
• International bodies
Importance of incident reporting by Third-Parties and Service Providers to the Banks
• Banks must report within 6 hours to RBI and CERT-In, which means
partners must also report within a time that allows Bank officials to
analyse, discuss, and then report to the regulators within 6 hours. This
will require revisiting all existing agreements, amending them with the
regulatory requirements, and providing for penalties for failing to do so.
Examples:
• Compromise at an Analytics firm handling customer data of many
large organisations.
• Ransomware at a Software and Support Vendor.
• If an incident involves compromise of Bank-related data, then the
incident needs to be reported to RBI by the Bank within the stipulated
timelines.
Stay Safe, Stay Compliant
Your CEO will Thank You

(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf