SEBI on Thursday asked stockbrokers and depository participants to report all cyberattacks, threats and breaches they experience within six hours of detecting such an incident.
They are required to report such incidents to exchanges, depositories and regulators within a specified time frame.
In addition, stockbrokers and depository participants identified as “protected systems” by the National Center for Critical Information Infrastructure Protection (NCIIPC) will also report such incidents to the NCIIPC.
“All cyberattacks, threats, cyber incidents and breaches experienced by stockbroker/depository participants should be reported to the stock exchange/depository within six hours of noticing/detecting or being notified of such an event and SEBI report,” the SEBI circular said.
Must submit quarterly reports containing information on cyberattacks, threats, cyber incidents, and breaches experienced by stockbrokers and depository participants, as well as actions taken to mitigate vulnerabilities, including Information on useful threats is submitted to exchanges and depositories within 15 days of the end of each quarter.
This information will be shared with Sebi via a dedicated email ID.
Earlier this month, the regulator laid out a cybersecurity and cyber resilience framework for stockbrokers and depository participants. PTI SP SHW memory