THE CYBER SECURITY REGULATORY LANDSCAPE FOR FINANCIAL INSTITUTIONS IN INDIA: LEGAL REQUIREMENT AND ISSUES IN IMPLEMENTATION OF ISO 27001
DOI: https://doi.org/10.8224/journaloi.v73i3.306
Keywords: Banks, ISO 27001, Data, Services
Abstract
The vast majority of the data that banks handle and retain is categorized as highly classified or sensitive. Customers increasingly rely on electronic delivery channels for transactions, so security concerns could undermine public trust in e-banking channels and, in serious cases, put banks' reputations at risk. Cybercriminals have launched several cyber-attacks after discovering system flaws or openings, resulting in significant losses. Cyber-attacks have increased since the pandemic because people's dependence on digital payments has risen sharply. The banking industry in India is obligated, for specific reasons, to monitor each bank's information systems in order to prevent any vulnerability from occurring. An information security management system highlights risks, gaps, opportunities, and goals to improve governance, efficiency, and risk control. By using an information security management system, banks can achieve ISO 27001 certification, demonstrating compliance with all necessary standards needed to uphold an organization's integrity, confidentiality, and trustworthiness.