• Home
  • Internet
  • Internet News
  • KYC Registration Agencies to Report All Cyberattacks, Threats, and Breaches Within Six Hours, Says SEBI

KYC Registration Agencies to Report All Cyberattacks, Threats, and Breaches Within Six Hours, Says SEBI

SEBI came out with a similar directive for stock brokers and depository participants last month.

KYC Registration Agencies to Report All Cyberattacks, Threats, and Breaches Within Six Hours, Says SEBI

Photo Credit: Pixabay/ Gerd Altmann

Last month, SEBI came out with a directive for stock brokers and depository participants

Highlights
  • SEBI asked the KRAs to report all cyber attacks, threats and breaches
  • Issues will also be reported to the CERT-In
  • Details will be shared to the SEBI through a dedicated e-mail id

Capital markets regulator SEBI has asked the KYC Registration Agencies (KRAs) to report all cyber attacks, threats and breaches experienced by them within six hours of detecting such incidents.

The incident will also be reported to the Indian Computer Emergency Response team (CERT-In) in accordance with the guidelines issued by CERT-In from time to time, according to a circular.

Additionally, the KRAs, whose systems have been identified as 'protected system' by National Critical Information Infrastructure Protection Centre (NCIIPC) will also report such incidents to NCIIPC.

"All cyber attacks, threats, cyber incidents and breaches experienced by KRAs shall be reported to SEBI within six hours of noticing/detecting such incidents or being brought to notice about such incidents," the regulator said on Tuesday.

The quarterly reports containing information on cyber attacks, threats, cyber incidents and breaches experienced by the stock brokers and depository participants and measures taken to mitigate the vulnerabilities, including information on bugs vulnerabilities, threats that may be useful for others, will have to be submitted to SEBI within 15 days from the end of every quarter.

This information will be shared to the SEBI through a dedicated e-mail id.

Last month, the regulator came out with a similar directive for stock brokers and depository participants.

Back in May, 11 international bodies comprised of tech giants like Google, Facebook and HP as members wrote to CERT-In director general Sanjay Bahl, stating that the new directive which mandates reporting of cyberattack incidents within six hours and storing users' logs for 5 years will make it difficult for companies to do business in the country.

The international bodies expressed concerns that the directive, as written, will have a detrimental impact on cybersecurity for organisations that operate in India, and create a disjointed approach to cybersecurity across jurisdictions, undermining the security posture of India and its allies in the Quad countries, Europe and beyond.


What are the best tablets? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Skull and Bones In-Depth Gameplay Reveal Coming on July 7 at Ubisoft Forward Event
Share on Facebook Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2023. All rights reserved.