[OR] [MBT] [E3] [CBS] [7] [SuPS] Identify Severe but Plausible Scenarios

Sub-CBS Code

Sub-CBS

Impact/Effect

Severe but Plausible Scenario

Proactive Risk Management Action

Link to Integration of Cyber and ICT Risks

7.1

Online Banking Platform Management

Major service downtime, customer dissatisfaction, and reputational damage

Extended unavailability of the online banking platform due to a cloud service provider outage

Implement multi-cloud redundancy and continuous availability testing

Aligned with ICT infrastructure redundancy and supplier cyber resilience requirements

7.2

Mobile Banking Application Services

Customer access disruption, transaction delays

Critical vulnerability exploited in a mobile app, resulting in a data breach or unauthorized transactions

Conduct secure code reviews, regular penetration testing, and app hardening

Integration with the mobile app security lifecycle and vulnerability management

7.3

Digital Account Access and Authentication

Customer lockouts, unauthorized access

Credential stuffing or phishing campaign compromising a large user base

Implement adaptive authentication and behavioral biometrics

Integrated with cyber threat intelligence and identity access management (IAM) controls

7.4

Online Funds Transfer and Payment Processing

Financial loss, regulatory breach

Compromise of the payment gateway leading to unauthorized fund transfers

Enforce transaction anomaly detection and out-of-band verification

Integration with payment system, cybersecurity, and fraud analytics systems

7.5

Digital Customer Onboarding and e-KYC

Regulatory non-compliance, identity theft

Large-scale e-KYC system failure due to third-party API compromise

Diversify onboarding verification vendors and ensure API isolation

Integrated with third-party risk and data integrity management frameworks

7.6

Digital Customer Support and Service Channels

Inability to serve customers, reputational harm

Chatbot and call centre systems taken offline due to a DDoS attack

Implement DDoS protection, load balancing, and alternate contact channels

Linked to ICT network security and incident management frameworks

7.7

Card-Not-Present (CNP) and e-Commerce Transaction Processing

Fraud escalation, financial loss

Surge in fraudulent e-commerce transactions from a major merchant breach

Deploy AI-driven fraud detection and merchant risk scoring

Integrated with enterprise fraud monitoring and PCI DSS compliance controls

7.8

ATM and Electronic Channel Management

Service disruption, public trust erosion

Malware infection spreading through the ATM network

Deploy endpoint protection and network segmentation for ATMs

Integration with endpoint security and physical channel protection policies

7.9

Cybersecurity and Fraud Monitoring for Digital Channels

Undetected breaches, financial loss

Simultaneous cyberattack (ransomware and phishing) is overwhelming the SOC capacity

Implement cyber incident playbooks and automated threat containment

Fully aligned with Cyber and ICT resilience testing and SOC automation

7.10

Digital Banking Data Management and Reporting

Data corruption, loss of regulatory confidence

Data integrity breach due to insider manipulation or ransomware encryption

Regular data validation, encryption, and immutable backup implementation

Integration with ICT data governance, backup, and recovery frameworks