Clipped from: https://www.financialexpress.com/business/news-review-cyber-risks-in-2-moths-rbi-to-banks-4233706/
Reserve Bank of India asks banks to review cybersecurity readiness within two months amid rising AI-driven threats and system vulnerabilities.
Banks to assess cyber defence frameworks as Reserve Bank of India flags growing risks from advanced AI models and digital security gaps.
The Reserve Bank of India (RBI) has asked banks to conduct an internal review of their cybersecurity preparedness and place a detailed assessment before their respective boards within the next two months, sources said. The exercise is part of an advisory issued by the central bank on April 27 directing lenders to further strengthen their cyber defence frameworks amid rising digital and AI-linked risks.
The move comes at a time when concerns over vulnerabilities in financial systems have intensified globally, particularly after reports surrounding Anthropic’s advanced AI model, Mythos, and its potential ability to identify weaknesses in software systems at unprecedented speed.
“This is something where all parts of the bank — and the industry as a whole — have to come together, because it is a systemic risk,” said Pralay Mondal, managing director and CEO of CSB Bank. “It will remain an important priority. We are assessing what more needs to be done, and the RBI will continue to guide us.”
Backdrop of RBI’s latest advisory
The RBI’s advisory follows a high-level meeting convened by Finance Minister Nirmala Sitharaman on April 23 with bank chiefs to discuss risks arising from artificial intelligence and their implications for the financial sector. Senior RBI officials and representatives from the ministry of electronics and IT attended the meeting, which focused on safeguarding banking systems against emerging AI-driven threats.
“The main entities at risk are the IT companies. We use their products, so the vulnerability lies with them,” said the MD of a public sector bank. “We are examining how to ensure that no one can breach the system.” Industry experts say banks are only beginning to grasp the implications of next-generation AI models for cybersecurity and operational resilience.
“At this stage, boards are essentially asking management teams to explain what the real risk is,” said Piyush Dalmia, senior partner at McKinsey & Company. “Earlier, if there was a vulnerability in your system, it may have taken someone two months to discover it. Now, that vulnerability could potentially be identified in two hours.”
According to Dalmia, this sharply compresses the acceptable margin for error in digital systems. “The tolerance for any kind of vulnerability is now close to zero,” he said. “What that fully implies, institutions are still trying to understand.”
He added that the shift could fundamentally alter how banks approach technology deployment and product launches. Historically, institutions could launch products with a few minor deviations from information-security protocols and fix them later. Going forward, that flexibility may disappear. Products may not be launched unless systems are fully secured, and that could slow the pace at which businesses go to market.”
Experts said the implications go beyond immediate cybersecurity upgrades and could reshape governance, vendor management and risk oversight frameworks across the banking system. “There are second- and third-order implications that institutions are still working through,” Dalmia said. “The issue is particularly relevant for public sector institutions, which may also face the risk of state-sponsored cyberattacks in addition to conventional fraud threats.”
For now, discussions remain concentrated at the board level as banks attempt to understand the scale of the challenge.
“Boards are asking management teams to explain what this really means,” Dalmia said. “At the moment, the focus is more on education and understanding the risks. The conversation has not yet fully shifted to concrete action plans.”
aniltikotekar4sme.com 