India’s securities and commodities market regulator SEBI has asked stock brokers and depositories participants in the country to report all cyber attacks, threats and breaches that they face within six hours of such incidents.
The Securities and Exchange Board of India (SEBI) issued the instruction on June 30 through a circular on modification in ‘Cyber Security and Cyber resilience framework for Stock Brokers and Depository Participants’.
The SEBI has asked the stock brokers to report such incidents within the specified time to the exchanges, depositories and the regulator.
The incident will also be reported to the Indian Computer Emergency Response team (CERT-In) in accordance with the guidelines issued by CERT-In from time to time, according to the circular.
Additionally, the stock brokers and depository participants, whose systems have been identified as ‘protected system’ by National Critical Information Infrastructure Protection Centre (NCIIPC) will also report such incidents to NCIIPC.
“All cyber attacks, threats, cyber incidents and breaches experienced by stock brokers or depositories participants shall be reported to stock exchanges or depositories and SEBI within six hours of noticing or detecting such incidents or being brought to notice about such incidents,” the circular stated.
This information shall be shared to SEBI through the dedicated e-mail id: sbdp-cyberincidents@sebi.gov.in.
Besides this, the circular stated that a quarterly report containing information on cyber attacks, threats, cyber incidents and breaches experienced by the stock brokers and depository participants and measures taken to mitigate the vulnerabilities, including information on bugs vulnerabilities, threats that may be useful for others, will have to be submitted to the exchanges and depositories within 15 days from the end of every quarter.
Stock Exchanges and Depositories shall make necessary amendments to the relevant byelaws, rules and regulations for the implementation of these directions and bring the provisions of this circular to the notice of their members or participants and also disseminate the same on their websites.
The provisions of the Circular shall come into force with immediate effect, stated the SEBI, which had earlier this month prescribed the framework for cyber security and cyber resilience for stock brokers and depository participants.
(Source: https://www.the420.in)