* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [CSO Perspective](https://www2.paloaltonetworks.com/blog/category/cso-perspective/)
* 3 Important Takeaways fro...

# 3 Important Takeaways from the RBI's Cyber Security Framework in Banks

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F08%2Fcso-3-important-takeaways-from-the-rbis-cyber-security-framework-in-banks%2F)  
[](https://twitter.com/share?text=3+Important+Takeaways+from+the+RBI%27s+Cyber+Security+Framework+in+Banks&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F08%2Fcso-3-important-takeaways-from-the-rbis-cyber-security-framework-in-banks%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F08%2Fcso-3-important-takeaways-from-the-rbis-cyber-security-framework-in-banks%2F&title=3+Important+Takeaways+from+the+RBI%27s+Cyber+Security+Framework+in+Banks&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2016/08/cso-3-important-takeaways-from-the-rbis-cyber-security-framework-in-banks/&ts=markdown)  
\[\](mailto:?subject=3 Important Takeaways from the RBI's Cyber Security Framework in Banks)  
Link copied  
By [Sean Duca](https://www.paloaltonetworks.com/blog/author/sean-duca/?ts=markdown "Posts by Sean Duca") and [Danielle Kriz](https://www.paloaltonetworks.com/blog/author/danielle-kriz/?ts=markdown "Posts by Danielle Kriz")  
Aug 03, 2016  
4 minutes  
[CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown)  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)  
[Cyber Security Framework in Banks](https://www.paloaltonetworks.com/blog/tag/cyber-security-framework-in-banks/?ts=markdown)  
[Navigating the Digital Age](https://www.paloaltonetworks.com/blog/tag/navigating-the-digital-age/?ts=markdown)  
[Reserve Bank of India (RBI)](https://www.paloaltonetworks.com/blog/tag/reserve-bank-of-india-rbi/?ts=markdown)  
[SecurityRoundtable.org](https://www.paloaltonetworks.com/blog/tag/securityroundtable-org/?ts=markdown)

In June 2016, the Reserve Bank of India (RBI) sent to CEOs of Indian banks an important circular, the [*Cyber Security Framework in Banks*](https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10435&Mode=0)*.* The document states that banks have an urgent need to put in place a robust cybersecurity/resilience framework and ensure adequate cybersecurity preparedness on a continual basis. Issuing cybersecurity guidance is not new for RBI, which issued a similar document in 2011. However, this particular document is timely and essential. Information technology (IT) is now part of banks' operational strategies, essential for both them and their customers. At the same time, as RBI points out, the number, frequency, and impact of cyber incidents on Indian banks has increased substantially. Like their peers globally, Indian banks are committed to maintaining customer trust, protecting financial assets, and preserving their own brand and reputation as the industry will remain a top target of cybercriminals using increasingly sophisticated methods. Thus, it is urgent that banks continue to improve their cyber defenses.

The RBI guidance consists of the overall/introductory framework and guidance and three annexes:

1. An indicative set of baseline cyber security and resilience requirements.
2. Information on setting up and operationalising a cyber security operation centre (C-SOC).
3. A template for reporting cyber incidents to the RBI.

Within the range of instructions and recommendations in the guidance, three things rise to the top as notable.

First, the guidance instructs banks to involve their boards of directors and other senior management in cybersecurity. Boards must approve their banks' cybersecurity policies and strategies and, more generally, they need to be brought up to speed on potential cybersecurity impacts, including their banks' preparedness, and the need to manage cyber risks. At the same time, the guidance notes that managing cyber risk requires awareness and commitment among staff at all levels. We agree wholeheartedly. Executives can no longer delegate the whole cybersecurity agenda to the IT division. Because the value of a bank's brand can be directly affected by security incidents, security needs to become an integral part of the company strategy at the highest possible level, actionable at every branch and corporate site and supported by greater employee awareness. Through our recent book, [*Navigating the Digital Age*](http://connect.paloaltonetworks.com/cyberhandbook), and our online community, [SecurityRoundtable.org](https://www.securityroundtable.org/), Palo Alto Networks seeks to share best practices, use cases and expert advice to guide executives on managing cybersecurity risks.

Second, the guidance directs Indian banks to take a risk management approach to cybersecurity. RBI notes that the size, IT systems, technological complexity, stakeholders, and other factors vary from bank to bank, and thus banks must identify their own inherent risks and needed controls to adopt an appropriate cybersecurity approach. We agree. No "one size" cybersecurity solution will fit all banks. However, there are some best practices that will improve overall cybersecurity hygiene.

Third, the guidance emphasises prevention. For example, the guidance says that banks should not allow unauthorised access to networks and databases, should take necessary preventive and corrective measures, and should endeavor to stay ahead of the adversary. We agree. Given that banks everywhere are constantly under siege from cyber attackers, a prevention-minded philosophy to cybersecurity is needed. Detection and remediation are too little and far too late to properly protect the financial assets and information of banks' clients. This is where the SOCs called for by RBI will be extremely helpful. Per the guidance, a bank's SOC should "keep itself regularly updated on the latest nature of emerging cyber threats" and be "well-prepared to face emerging cyber threats such as zero-day attacks". However, SOCs are just part of the solution. Including cybersecurity in the overall network or enterprise architecture will also contribute to a preventive posture. Palo Alto Networks is focused on preventing successful cyberattacks and can be part of such a layered defense approach.

The guidance's baseline cybersecurity and resilience requirements are helpful. They include recommendations to meet many of the goals laid out above, such as a requirement to have advanced real-time threat defense and management. However, as RBI notes, the list is indicative and not exhaustive. As they seek to manage their ever-evolving risks, it is critical that banks retain the flexibility to ascertain and deploy the most advanced technologies and processes to ensure the best possible protection of client data and financial assets.

Today's digital way of life puts immense pressure on the financial services industry. Individuals, institutions and governments demand an unprecedented level of access to their financial assets and information. Clients must trust that their financial assets and information are safe yet also readily available. This trust is best built and maintained with a breach prevention-based mindset for cybersecurity.

*** ** * ** ***

## Related Blogs

### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)

[#### Navigating the Digital Age Guide in Japan -- Why Now, Why Japan?](https://www2.paloaltonetworks.com/blog/2016/12/cso-navigating-digital-age-guide-japan-now-japan/)

### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Davos 2018: Hot Topics in Cyber Risk](https://www2.paloaltonetworks.com/blog/2018/02/cso-davos-2018-hot-topics-cyber-risk/)

### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)

[#### New Report: The State of Cybersecurity in Asia-Pacific](https://www2.paloaltonetworks.com/blog/2017/07/cso-new-report-state-cybersecurity-asia-pacific/)

### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown)

[#### Why Directors Feel Inadequate in Terms of Cybersecurity and What They Can Do About It](https://www2.paloaltonetworks.com/blog/2017/05/cso-directors-feel-inadequate-terms-cybersecurity-can/)

### [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### AI, Quantum Computing and Other Emerging Risks](https://www2.paloaltonetworks.com/blog/2025/10/ai-quantum-computing-emerging-risks/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Incident Response](https://www.paloaltonetworks.com/blog/category/incident-response/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com)

[#### The Case for Multidomain Visibility](https://www2.paloaltonetworks.com/blog/2025/10/case-for-multidomain-visibility/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language