Stock brokers to report cyber threats within 6 hours of detecting them: Sebi

Market regulator Sebi has asked stock brokers and depositories participants to report all cyber attacks, threats and breaches experienced by them within six hours of detecting such incidents.

The incident will also be reported to the Indian Computer Emergency Response team (CERT-In) in accordance with the guidelines issued by CERT-In from time to time, Sebi said in a circular.

Additionally, the stock brokers and depository participants, whose systems have been identified as ‘protected system’ by National Critical Information Infrastructure Protection Centre (NCIIPC) will also report such incidents to NCIIPC.

“All cyber attacks, threats, cyber incidents and breaches experienced by stock brokers/ depositories participants shall be reported to stock exchanges/ depositories and Sebi within six hours of noticing/ detecting such incidents or being brought to notice about such incidents,” Sebi said in the circular.

The quarterly reports containing information on cyber attacks, threats, cyber incidents and breaches experienced by the stock brokers and depository participants and measures taken to mitigate the vulnerabilities, including information on bugs vulnerabilities, threats that may be useful for others, will have to be submitted to the exchanges and depositories within 15 days from the end of every quarter.

Earlier this month,  the capital markets regulator tweaked the cyber security and cyber resilience framework for asset management companies (AMCs) and mandated them to conduct a comprehensive cyber audit at least twice in a financial year.

AMCs have been asked…