The government is working on a plan to create a single cyber incident reporting and response mechanism across India's financial sector.
The move comes amid concerns that a cyberattack or technical disruption in one part of the financial system could quickly spread to other segments such as banking, securities markets and payment networks.
According to government sources, the proposed framework aims to bring banks, financial institutions and market entities under a common reporting structure to improve coordination during cyber incidents.
Currently, different regulators maintain separate cyber incident reporting systems, creating challenges in managing sector-wide disruptions.
Focus on Tackling Cross-Sector Cyber Risks
The proposal is part of a broader financial sector cybersecurity strategy being prepared by an inter-ministerial group led by the Department of Economic Affairs.
The group includes the Department of Financial Services, Ministry of Electronics and Information Technology, Department of Telecommunications, Ministry of Home Affairs, regulators and cybersecurity agencies.
Officials said the strategy is focused on addressing "spillover risk", where a cyber incident in one area of the financial system affects multiple interconnected sectors.
For example, a banking outage can disrupt payment systems and securities markets, while issues at clearing corporations can create wider financial instability.
To improve coordination, banks, stock markets and other financial institutions may be required to follow common definitions, reporting standards and internationally recognised cybersecurity frameworks.
The objective is to ensure that all stakeholders respond to cyber threats using a uniform approach and language.
AI-Powered Cyberattacks Raise Urgency
The government also expects artificial intelligence to make cyberattacks faster, more sophisticated and harder to detect.
Officials said financial institutions need to strengthen preparedness as AI-driven threats could significantly reduce the time available to respond to vulnerabilities.
The Indian Computer Emergency Response Team (CERT-In) has already issued advisories to companies, individuals and MSMEs regarding AI-enabled cyber risks.
According to officials, organisations can no longer expect vulnerabilities to be addressed over weeks or months. Instead, responses may need to be executed within hours.
Authorities have also encouraged institutions to use AI-based security tools to counter increasingly advanced cyber threats.
The proposed unified reporting mechanism is expected to improve coordination, speed up incident response and strengthen the resilience of India's financial system against future cyber risks.
