Business Leaders' Forum

Rapporteur:

M.D.S. Prabu,Manger,Content Writer, ReBIT

Event Report 

“Collaborative ecosystem and efforts along with good governance and security practices are important to any financial institution,” remarked Mr M.K.Jain, Deputy Governor, Reserve Bank of India during his key note address at the fourth edition of Business Leaders’ Forum. Crisis management and communications was the central theme of this edition of BLF - a congregation of senior bankers in the country. The event was held at Taj Lands End, Mumbai on 14 November, 2018.

Welcome Address

Nandkumar Saravade, CEO, ReBIT welcomed the dignitaries speaking and participating in the event. He spoke of the forum’s objective, of creating a platform for decision makers in the banking community, to debate and disseminate cyber and operational risks. He emphasized crisis management to be an important aspect in dealing with cyber risks. Besides, he noted that cyber events result in business disruption, reputational and financial losses. Sharing the good cyber practices of one organization will also benefit the others.

The Keynote 

Mr M.K.Jain appreciated the participation of senior management of banks present on the occasion. He also expressed optimism that it will give an impetus to discuss cyber security related issues among themselves and also with their respective boards, since cultural change and senior management involvement are a must to address cyber risks. “Cyber risk is increasingly becoming recognized as a major risk to the operations for the banks and addressing it should be a salient part of banks’ risk management strategy,” he added.

He also quoted an IMF Working Paper on Cyber Risk, Market Failures, and Financial Stability which estimates the global loss from the cybersecurity risks to be between $250 billion to $1 trillion and a 2018 World Economic Forums’ report on Global Risks which estimates the annual economic cost of cybercrime to be approximately $1 trillion.

Mr Jain also spoke about RBI’s directions regarding mandatory awareness and training program for board members to help them plan cyber risks effectively. He also advised banks to provide advanced training on incident response and opined that stakeholders should be well rehearsed with cyber drills with appropriate escalation matrix. He called for employing dedicated security operations centre personnel in cyber security teams of banks.

The session was interactive and Mr Jain responded to the queries from the participating bankers.

The Science of Reputation Management

Dr Sanjay Chougule, SGM and Head of Internal Audit and Financial Crime Prevention Group, ICICI Bank spoke about the importance of a holistic framework in the organization during his address ‘A Practitioner’s Perspective on Reputation Management.’ He also mentioned that the senior management, including the CEO, must be actively involved in it and any crisis should be closely monitored and dealt with. “Opinions can be intense and can dent the reputation of an organization, given the viral nature of social media and its fast proliferation. A crisis situation is a test for customer relationship management in any organization,” he commented. Dr Chougule also outlined the key components of a reputation framework viz., governance oversight, policies and controls, stakeholder management, risk assessment and monitoring, incident management and response.

He argued that the objective of any reputation management exercise should be to restore credibility, minimize the impact of losses and advocated for a crisis communication manual to be followed by organisations for the overall monitoring carried out by their reputation forum.

Cyber Incident Management- Table Top exercise

Dr Sanjay Bahl, Director General, Indian Computer Emergency Response Team began his session with an overview of the functioning of his organization. He then talked about the support provided by them to banks and enterprises in other sectors. “We urge banks to follow mandatory reporting, as it will help us to plan emergency measures and coordinate the investigation and analysis,” he urged.

Thereafter, Dr Bahl and his colleagues Mr SS Sharma and Mr Ashutosh Bahugana conducted a highly engaging and interactive table-top exercise with the participants of the forum. The participants were split into different groups to role play being board members of a hypothetical bank. All the groups were asked to discuss the various cyber incident scenarios and formulate their responses covering various aspects of the cyber security framework. The CERT-In team compared the responses of different groups and deliberated on them.

The participants ended the session with a better understanding of the right approach to cyber crisis management.

 Concluding Remarks

Mr M P Baliga, Senior Program Director, CAFRAL thanked the distinguished speakers of the day for sharing their inputs in several engaging formats and the enthusiastic participants for continuing the dialogue on cyber risk management.