SEBI Unveils New Cybersecurity Framework for Regulated Entities

SEBI

The Securities and Exchange Board of India (SEBI) has introduced a comprehensive new cybersecurity framework for all regulated entities to strengthen the cybersecurity landscape of India’s financial markets. This initiative, designed to bolster the resilience of market participants against rising cyber threats, will be implemented in a phased manner beginning January 2025.

The newly formulated Cybersecurity and Cyber Resilience Framework (CSCRF) will replace existing guidelines and is set to introduce a Cyber Capability Index (CCI). This index will regularly monitor and assess the cybersecurity maturity and resilience of market infrastructure institutions and qualified regulated entities.

Recognizing the varied capabilities among regulated entities, SEBI has outlined special provisions for smaller entities. The National Stock Exchange (NSE) and Bombay Stock Exchange (BSE) will establish Market Security Operation Centres (SOCs) to support smaller entities in meeting the new cybersecurity requirements. These SOCs will provide tailored solutions, ensuring that even resource-constrained entities can achieve robust cyber resilience.

Also read: SEBI nods Aadhar Housing Finance for Rs 5000 cr IPO

The framework mandates all regulated entities to establish security monitoring mechanisms through SOCs, which could be their own, a group SOC, a market SOC, or a third-party managed SOC. These mechanisms are essential for continuously monitoring security events and timely detection of anomalous activities.

SEBI has planned a glide path for implementing this framework. The first group of entities must comply by January 1, 2025, while the second group has until April 1, 2025. After these deadlines, entities will be required to conduct cybersecurity audits in accordance with the CSCRF and submit reports to the relevant authorities within stipulated timelines.

“CSCRF includes provisions on various critical areas such as IT service requirements, Software as a Service (SaaS) solutions, hosted services, data classification, and audits for software solutions and applications used by regulated entities,” SEBI stated in its circular.

This move comes in response to the increasing frequency and sophistication of cyberattacks, signalling SEBI’s commitment to safeguarding the integrity and security of India’s financial markets. 

"Exciting news! Elets Banking & Finance Post is now on WhatsApp Channels Subscribe today by clicking the link and stay updated with the latest insights!" Click here!

Elets The Banking and Finance Post Magazine has carved out a niche for itself in the crowded market with exclusive & unique content. Get in-depth insights on trend-setting innovations & transformation in the BFSI sector. Best offers for Print + Digital issues! Subscribe here➔ www.eletsonline.com/subscription/

Get a chance to meet the Who's who of the Banking & Finance industry. Join Us for Upcoming Events and explore business opportunities. Like us on Facebook, connect with us on LinkedIn and follow us on Twitter, Instagram & Pinterest.