Client Overview
- Type: Non-Banking Financial Company (NBFC)
- Location: Bangalore-based, operating across 8 states in India
- Sector: BFSI
The Challenge
As the NBFC expanded digitally with mobile loan apps, Aadhaar eKYC, and a third-party CRM, its cyber exposure grew rapidly. However, several key weaknesses remained unaddressed:
- No unified view of cyber risks across branches
- Weak access controls in the core loan processing system
- Customer personal data stored unencrypted on endpoint devices
- No structured incident response mechanism or cyber drills
- Gaps in compliance with RBI and CERT-In guidelines
- Vendor contracts lacked basic InfoSec clauses
Leadership sought to build a regulatory-aligned Information Security Risk Management Framework to protect operations and customer trust.
Our Solution
MitKat delivered a cybersecurity engagement focused on scale-appropriate, regulator-ready controls.
Key Interventions:
- Cyber risk mapping of core systems and digital assets
- Policy overhaul (Cybersecurity, Acceptable Use, Data Retention)
- Role-based access and MFA implemented for all backend users
- Endpoint protection and disk encryption deployed across the head office (HO) and branches
- Incident Response Plan and mock drill conducted for key teams
- Vendor risk review with standard InfoSec clauses introduced
Outcome
- Multiple identified risks mitigated across IT and operational systems
- Endpoint security coverage extended to HO and branch devices
- First-ever incident response framework adopted
- Board-level visibility enhanced with regular cyber updates
- RBI audit readiness completed ahead of schedule
MitKat’s regulatory-aligned cybersecurity engagement helped a mid-sized NBFC move from fragmented controls to a compliant, board-visible risk management framework, reducing exposure, strengthening resilience, and establishing audit readiness.