Our cyber resilience is insufﬁcient Our cyber resilience meets minimum/uni00A0requirements Our cyber resilience exceeds our requirements0% 20% 40% 60% 0% 20% 40% 60% 0% 20% 40% 60%In what ways does your organization incentivize employees to report security mistakes, incidents and risks? Our cyber resilience is insufﬁcientOur cyber resilience meets minimum/uni00A0requirementsOur cyber resilience exceeds our requirements Training and awareness programmes48% 24% 28% 31% 28% 5% 7%77% 76% 48%We have dedicated support teams or individuals available to assist employees in reporting and addressing their security concerns Anonymous reporting channels Non-punitive policy Recognition and reward programmes We include security incident reporting as a positive metric in employee performance evaluations We do not have any dedicated programme19% 18% 12% 11%43% 42% 21% 19%41%62% 35%Incentives to encourage the reporting of cybersecurity threats and incidents FIGURE 15 The Indian cooperative banking system plays a vital role by offering a community-focused inclusive approach to banking, particularly in rural and agricultural communities. These banks use the upstream services from commercial banks for their customers, as they are cost-effective for a low volume of transactions, and doing so is less time-consuming and easy to implement – thus driving financial inclusion, promoting economic stability and supporting grassroots-level growth. Due to the growing sophistication of cyberthreats, the resource-starved cooperative banks face significant cybersecurity challenges. Lack of trained staff and reduced confidence in carrying out incident response makes them vulnerable to cyberattacks. To level the cyber field, CERT India introduced a structured programme, implemented over eight months with 40 identified cooperative banks, comprising cyber drills for bank officers to build incident-management capabilities. The programme provided an integral relationship between knowledge and cognitive process by encouraging critical thinking for problem solving in incident management. To evaluate the cumulative resiliency of these banks, the cyber drills were mapped to the four pillars of resilience: anticipate, withstand, recover and evolve. Weighted summation of the pillars was calculated showing significant resiliency improvement pre and post programme. Sanjay Bahl Director-General, Indian Computer Emergency Response TeamCASE STUDY 5 Building skill sets for cybersecurity incident response in Indian cooperative banks Global Cybersecurity Outlook 2025 33