On Thursday, Sebi asked participating securities dealers and custodians to report all cyberattacks, threats and breaches experienced by them within six hours of detecting such incidents. They must report such incidents in a timely manner to exchanges, depositories and the regulator.
The incident will also be reported to Computer Emergency Response Team India (CERT-In) as per guidelines issued by CERT-In from time to time, according to a circular. In addition, securities dealers and custodial participants whose systems have been identified as “protected systems” by the National Critical Information Infrastructure Protection Center (NCIIPC) will also report such incidents to the NCIIPC.
“All cyberattacks, threats, cyberincidents and breaches experienced by participating securities dealers/custodians must be reported to exchanges/custodians and to Sebi within six hours of becoming aware of/detecting or notifying of such incidents,” Sebi said in the circular. Quarterly reports containing information on cyberattacks, threats, cyberincidents and breaches experienced by securities dealers and depositary participants and actions taken to mitigate vulnerabilities, including information on bug vulnerabilities, threats which may be useful to others, must be submitted to stock exchanges and depositories within 15 days of the end of each quarter.
This information will be shared with Sebi through a dedicated email ID. Earlier this month, the regulator prescribed the cybersecurity and cyber-resilience framework for securities dealers and depository participants.
Read all the latest news, breaking news, watch the best videos and live TV here.