The SEBI on Thursday asked stockbrokers and custodians to report any cyberattacks, threats and breaches they experienced within six hours of detecting such incidents.
They must report such incidents to the exchanges, depots and the regulator within the stipulated time.
The incident will also be reported to the Indian Computer Emergency Response Team (CERT-In) in accordance with guidelines issued from time to time by CERT-In, according to a circular.
In addition, the brokers and custodians whose systems have been identified as “protected systems” by the National Critical Information Infrastructure Protection Center (NCIIPC) will also report such incidents to NCIIPC.
“All cyber-attacks, threats, cyber incidents and breaches experienced by stock broker/deposit participants will be reported or notified of such incidents within six hours of noticing/detecting such incidents to the stock exchanges/depository’s and the SEBI, the SEBI said in the circular.
The quarterly reports containing information on cyber-attacks, threats, cyber incidents and breaches experienced by the brokers and depositors and measures taken to mitigate the vulnerabilities, including information on bug vulnerabilities, threats that may be useful to others, will be submitted to the exchanges and deposits within 15 days from the end of each quarter.
This information is shared with Sebi via a special email address.
Earlier this month, the regulator prescribed the cybersecurity and cyber resilience framework for stockbrokers and custodians. PTI SP SHW RAM