Urban Cooperative Banks A 360 degree view of IT risk Management Cyber Security Management and Current Regulatory Framework

Abstract

Urban Cooperative Banks (UCBs) are vital enablers of financial inclusion for underserved urban and semi-urban communities (RBI, 2021a). In recent times, they have made significant progress in their digitalisation journey to keep pace with growing competition and to meet the increasing demands of their customers. However, their growing exposure to cyber threats pose a threat to their own stability and to the national economic goals they are expected to serve. Structural vulnerabilities in UCBs such as limited financial resources and governance weaknesses create a paradox where the most at-risk institutions are least able to strengthen defences. Reports from the Standing Committee on Finance, CERT-In, and NASSCOM highlight the escalating risks of insider threats, digital fraud, and poor cyber hygiene among employees and customers of various entities (Standing Committee on Finance, 2023; CERT-In, 2024a; NASSCOM, 2023). newlineThe UCB sector is marked by extreme heterogeneity with smaller and non-scheduled UCBs dominating the space and with several of them not having undertaken cyber audits (Indian Cooperative, 2024). UCBs, especially smaller ones face significant challenges in terms of inadequate IT expertise and low level of financial resources. High-profile incidents such as the 2018 Cosmos Cooperative Bank cyber-heist illustrate systemic vulnerabilities linked to fragmented controls in UCBs (Dhaarani and Aameer, 2025). newlineGlobal cybersecurity frameworks such as the NIST Cybersecurity Framework (CSF), ISO 27001, COBIT and C2M2 remain either largely generic or sector specific or designed for large or mid-sized corporate entities (Babu B, 2018; Yassine M. et al, 2020).