SEBI issues 12-point cybersecurity advisory for mutual funds and stock exchanges

SEBI issues 12-point cybersecurity advisory for mutual funds and stock exchanges

The Financial Computer Security Incident Response Team has provided important recommendations

In view of the rising cybersecurity threats faced by stock exchanges, depositories, mutual funds, and other financial entities in the country, the Securities and Exchange Board of India (SEBI) has issued a 12-point advisory for regulated entities (REs).

The market regulator said the advisory has to be adhered to in conjunction with other relevant applicable circulars issued from time to time. It directed the REs to file a compliance report as per the existing reporting mechanism for cybersecurity audits.

Stating that cybersecurity incidents were growing in frequency and sophistication, SEBI's circular read, "Considering the interconnectedness and interdependency of the financial entities to carry out their functions, the cyber risk of an entity is not limited to its owned or controlled systems, networks and assets.

"Given the sophistication and persistence of the threat with a high-level coordination among threat actors, it is important to recognize that many traditional approaches to risk management and governance that worked in the past may not be comprehensive or agile enough to address the rapid changes in the threat environment and the pace of technological change that is redefining public and private enterprise."

It further stated, "An efficient and effective response and recovery from a cyber-incident by REs is essential to limit any related financial stability risks. For ensuring the same, the Financial Computer Security Incident Response Team (CSIRT-Fin) has provided important recommendations in its report sent to SEBI."