“There have been cyber incidents in the recent past. I think it would be overly complacent for anyone of us to say we are well prepared to meet all cyber threats,” he said at the annual Fibac event.
“Too many access points are left unmonitored, too many people share passwords or have easily penetrated passwords, and too little surveillance is maintained of vendors and the software they create,” Mr Rajan said.
Calling for a cultural change on the cyber security front, the RBI governor urged the lenders to take a “fresh look” at their security architecture.
He said that at the RBI, the process of setting up an IT subsidiary is on and after hiring a chief executive, the second rung is being hired directly from the market.
“The RBI is working on upgrading the capabilities of its inspectors to undertake bank system audits as well as to detect vulnerabilities in them,” he said.
The comments come after some recent cyber security breaches at a couple of state-run lenders.
Bengaluru-based Canara Bank faced an attack last week.
Last month, Union Bank of India had reported problems on its offshore accounts.
Earlier this year, the central bank of Bangladesh had also faced a breach which resulted in the illegal transfer of millions of dollars.
According to media reports, a similar attack on a large domestic bank was averted due to the presence of mind shown by a counterparty.