India's financial system runs on digital rails. More than 185 billion UPI transactions flowed through the country's payment infrastructure in FY2025 alone, making digital services fundamental to how customers bank, pay, invest, and transact.
This is why Finance Minister Nirmala Sitharaman's recent warning deserves attention beyond cybersecurity teams.

The message was a call to build resilience for a stronger and stable economy.
RBI's cyber resilience directions and subsequent advisories reinforce this message. The objective is not simply to prevent attacks. It is to ensure that critical financial services remain available even when disruptions occur.
Cyber resilience has become a business imperative and increasingly, a matter of economic stability.
Accepting cyberattacks are inevitable, institutions must build the capability to detect threats, understand business impact, respond quickly, and recover critical services while minimizing disruption and preserving customer trust.

RBI's Definition of Cyber Resilience Has Evolved
Over the last three years, RBI has steadily raised its expectations from financial institutions - from stronger IT governance and board oversight, to cyber resilience for digital payments, to centralized monitoring, customer data protection, forensic readiness, and continuous visibility across the enterprise.

Shifting from seeking controls, RBI is asking institutions to prove resilience by answering these seven questions:
The 8 Questions RBI Now Expects You to Answer
1. Are the right logs from every critical system being collected?
2. Can abnormal behaviour be detected quickly?
3. Can incidents be reconstructed as it happened?
4. Is evidence preserved in a tamper-evident, forensically usable form?
5. Can customer data be monitored wherever it lives?
6. Is it possible to report to RBI with a chronology, impact assessment, root cause, and corrective action?
7. Are logs actively feeding SOC workflows rather than just sitting in cold storage?
8. Can third-party service providers involved in customer journeys be monitored?
A Real-World Lesson
In July 2024, we had a precursor of what the finance minister had warned. A ransomware attack on C-Edge Technologies, a TCS-SBI joint venture providing core banking services to cooperative and rural banks across India, forced nearly 300 cooperative and rural banks to go offline overnight. Customers couldn't withdraw cash or make UPI payments, forcing NPCI to isolate C-Edge from the retail payment network to contain the impact.

This is precisely the scenario RBI's new mandates are designed to prevent. They want to ensure critical business services remain available, customers are protected, and disruptions are minimized even during a cyber incident.
RBI Mandate is not Alone. Resilience is a Global Priority
RBI is not alone in redefining cyber resilience. Financial regulators across the world have shifted their focus from security controls to business resilience.
The European Union’s Digital Operations Resilience Act (DORA), effective from January 2025, requires financial institutions to prove that they can detect, respond, recover and continue operating through any technology disruptions. It also emphasises incident reporting, resilience testing and managing third-party technology risks.
These directives are similar to RBI’s mandates. Similar mandates exist in the UK (FC / PRA Operational Resilience), Australia (APR CPS 230), Singapore (MAS Technology Risk Management). Globally, regulators are expecting financial institutions to transition from just monitoring to proving resilience and providing business continuity in the event of a cyber incident.
What RBI Is Really Asking Institutions to Prove
Most financial institutions already have a Network Operations Center (NOC) monitoring infrastructure and a Security Operations Center (SOC) detecting cyber threats, vulnerabilities, and suspicious activities. Yet during an attack, the business impact is not known.
During a ransomware attack, data breach, or DDoS event, the SOC can identify compromised systems and attack patterns, while the NOC can detect performance degradation and outages. But neither can explain
- Which customer journeys are affected?
- How many transactions are failing?
- What is the business impact?
- Are regulatory obligations at risk?
- Which business services should be prioritized for recovery?
- How much customer trust is at risk?
Answering these questions requires a business context.
Cyber Resilience Needs Business Context
Consider two scenarios:
A SOC identifies a ransomware attack targeting a payment processing system. That is a security alert.
Now consider the team can also see that the attack is disrupting UPI transactions, affecting merchant settlements, causing customer complaints, breaching SLAs, and requiring regulatory reporting within hours.
The difference between the two scenarios is the business context provided by Business Observability.
Business Observability is the operational intelligence layer that connects infrastructure, application, transaction, customer experience, and security signals into a single business view.
Instead of seeing isolated technical alerts, teams can understand how a cyber incident is affecting customer journeys, payment success rates, transaction volumes, service availability, and regulatory obligations.
The result is stronger business resilience.
Security teams can prioritize incidents based on business impact. Operations teams can make faster recovery decisions. Continuity teams can execute more effective failover and disaster recovery strategies.
Most importantly, institutions can reduce customer disruption and preserve trust.
In simple terms:
- NOC provides infrastructure visibility.
- SOC provides security visibility.
- Business Observability provides business impact visibility.
Together, they create true business resilience.

Operationalizing Business Resiliency with VuNet
VuNet's Business Observability Platform, vuSmartMaps™, helps institutions operationalise cyber resilience expectations from across regulators; from the RBI in India, DORA in Europe and others globally. It does not replace existing security tools. Instead, it complements them by unifying signals across application, infrastructure, transactions, customer experience, and security into a single view with business context.
1. Continuous visibility across layers with business impact
RBI's Advisory 3/2026 emphasizes centralized logging, continuous monitoring, audit trails, forensic readiness, unified visibility and structured incident response. VuNet enables these recommendations by unifying telemetry across applications, infrastructure, middleware, databases, APIs, transactions, customer journeys, and third-party services, providing a single business view. During an incident, security, operational and business signals can be viewed together, enabling faster investigation, root-cause analysis, prioritised response, recovery and compliance readiness.
In the C-Edge scenario, the vulnerability would have surfaced as an infrastructure anomaly, correlated to application behaviour, before encryption began. That is the always-on, cross-layer visibility RBI's SOC mandate is looking for.

Platform screenshot 1: Drill down from event to exact failure point enabled by unified telemetry and business context correlation

Platform screenshot 2: Intelligent alerts with business impact
2. Visibility beyond enterprise boundaries
RBI's Advisory 3/2026 emphasises continuous monitoring of third-party services that handle customer data in supporting business services. VuNet’s Business Observability platform extends beyond the enterprise and monitors external APIs, payment gateways, merchant systems and other ecosystem partners that are a part of customer journeys. This enables institutions to quickly determine whether an incident originates within their own environment or an external partner. This helps institutions assess its impact on customer journeys, accelerate investigation, response, and recovery.

Platform screenshot 3: Merchant performance analytics

Platform screenshot 4: API monitoring
3. Business context and impact intelligence
RBI's 2024 Master Direction on Cyber Resilience and Digital Payment Security Controls places strong emphasis on maintaining resilient digital payment services through continuous monitoring, rapid response, business continuity, and customer protection. VuNet enables this by showing how technical incidents affect customer journeys, transactions, SLAs, revenue, and critical business services.

Platform screenshot 5: Transaction analysis with business reasons for failures
Digital experience monitoring and synthetic testing add insights about customer behaviour such as actual session behaviour, OTP failure rates, and onboarding drop-offs. During a cyber incident, this tells which journeys are failing, how many customers are affected, and whether recovery is actually working, not just that the system is degraded.
With this insight, teams can prioritize recovery efforts based on business criticality rather than technical signals alone.

Platform screenshot 6: Mobile browser journey view with business impact
4. AI-driven anomaly detection and investigation
RBI's Advisory 3/2026 encourages institutions to adopt stronger AI governance, continuous monitoring, anomaly detection, and AI model performance evaluation as AI adoption grows. VuNet supports this with AI-driven correlation and anomaly detection capabilities which accelerates investigations by correlating signals across infrastructure, applications, transactions, and customer journeys and provides one correlated incident instead of multiple alerts.

Platform screenshot 7: Anomaly detection
With Ved, VuNet's GenAI assistant, teams can investigate incidents and get answers in seconds using natural language; without switching dashboards or manually correlating data across multiple tools. This helps accelerate investigations and evidence gathering enabling teams to respond faster and support RBI’s 2-6 hours reporting requirement.

Platform screenshot 8: VuNet Gen AI - Ved query and response
From Monitoring to Cyber Business Resilience

Threats will continue to evolve, AI will become deeply embedded in financial services, and the technology landscape will expand with dependencies on third-party services. At the same time, regulatory expectations across the world from RBI in India to DORA in Europe will rise with emphasis on building cyber resilience.
The expectation is no longer limited to detecting attacks or monitoring infrastructure. Financial institutions are expected to continuously monitor critical business services, manage third-party technology risks, govern AI responsibly, understand business impact, and demonstrate that they can recover quickly while maintaining customer trust.
Meeting these expectations requires more than cybersecurity. It requires business resilience.
Business Observability provides the missing business context by bringing together security, operational, transaction and customer signals into a unified view. It enables institutions to understand not just what is under attack, but what is at risk, what needs to be prioritized and whether recovery is working.
This is exactly what regulators from RBI to DORA are asking institutions to demonstrate that they can keep critical business services running and prove resilience.
Business Observability is the operational intelligence layer that makes this possible.



