Sebi on Thursday asked stock brokers and depositories participants to report all cyber attacks, threats and breaches experienced by them within six hours of detecting such incidents. They have to report such incidents within the specified time to the exchanges, depositories and the regulator.
The incident will also be reported to the Indian Computer Emergency Response team (CERT-In) in accordance with the guidelines issued by CERT-In from time to time, according to a circular. Additionally, the stock brokers and depository participants, whose systems have been identified as ‘protected system’ by National Critical Information Infrastructure Protection Centre (NCIIPC) will also report such incidents to NCIIPC.
“All cyber attacks, threats, cyber incidents and breaches experienced by stock brokers/ depositories participants shall be reported to stock exchanges/ depositories and Sebi within six hours of noticing/ detecting such incidents or being brought to notice about such incidents,” Sebi said in the circular. The quarterly reports containing information on cyber attacks, threats, cyber incidents and breaches experienced by the stock brokers and depository participants and measures taken to mitigate the vulnerabilities, including information on bugs vulnerabilities, threats that may be useful for others, will have to be submitted to the exchanges and depositories within 15 days from the end of every quarter.
This information will be shared to Sebi through a dedicated e-mail id. Earlier this month, the regulator prescribed the framework for cyber security and cyber resilience for stock brokers and depository participants.