As the digital landscape continues to evolve, banking and payment systems are becoming increasingly vulnerable to cyber threats. At the recent Fireside Chat and panel discussion, on the sidelines of ETCISO Annual Conclave 2024, industry leaders from India’s largest financial institutions and organizations shared their strategies to strengthen cybersecurity and engage stakeholders at the highest levels.

Prioritizing cybersecurity in boardrooms

“In a CISO’s life, there isn’t a dull day,” remarked Nitin Chauhan, CISO of Yes Bank, while discussing how cybersecurity is no longer an issue that needs to be sold to boardrooms. “The agenda is self-driven. Boards are more agile now, and our focus is on automation and providing a quick reckoner on the ongoing information relevant to the organization’s security posture.”

Echoing Chauhan, Vinay Tiwari, Group CISO of Axis Bank, highlighted the growing emphasis on metrics. “Various metrics like cyber resilience, culture, and those set by regulators can be used to give the board a clear and transparent view of the security posture,” said Tiwari. These metrics drive informed decision-making, underscoring the value of integrating security considerations early in strategic projects—a shift long championed by cybersecurity leaders.

Budget constraints and stakeholder alignment

While security remains a top priority, CISOs still face budget constraints and competing interests. As Tiwari pointed out, the challenge is not only in securing sufficient resources but also in aligning all stakeholders to ensure cybersecurity remains front and center. Today’s threat landscape leaves little room for shortcuts, making it imperative to navigate budgetary pressures while maintaining robust security defenses.

Protect, prevent, prosper: The Indian digital payment ecosystem

In parallel, Pravin Kumar, CMISO at NPCI, discussed the challenges specific to India’s burgeoning digital payment system. With a vast network of participants, vulnerabilities from supply chain attacks, and geopolitical threats, securing this ecosystem is a monumental task. There’s a lack of standardization and proper due diligence, Kumar noted, which exposes the payment system to numerous risks.

To combat these threats, Kumar emphasized the need for collaboration across all players. Setting up a payment coordination center, continuous assessments, and sharing threat intelligence are key strategies. It’s about ensuring shared responsibility across the ecosystem, he stated.

The blueprint for the future of India’s financial cybersecurity involves continuous revision of guidelines, enhanced communication, and heightened internal controls, all aimed at creating a secure environment for digital transactions.