In August 2018, Cosmos Bank was faced with a cyber attack, resulting in nearly Rs 100 crore being siphoned off. In most developed countries similar attacks are rare. Such incidents require a large number of accounts to transfer the stolen money. With stringent KYC norms, anti-money laundering measures, multi-level transaction authentication requirements and AIbased real-time ‘unusual’ transaction tracking, carrying out such operations is difficult barring gross negligence by the bank/ related parties.
In most countries, direct money siphoning from banks through cyber-attacks are small-scale frauds through phishing attacks and cloning/stealing of payment cards/net banking identities/information. These are high-frequency but low impact events. RBI data and our estimates show that during 2008-17, banks in India faced 1,30,000 reported cases of cyber fraud involving an estimated Rs 700 crore. This is equivalent to just 0.006% of the outstanding deposits of Indian banks. By contrast, a severe cyber attack can result in bank failure even when no money is lost directly.
The main threats that a bank faces from cyber attacks include breach of customer data privacy,…
