NCLT: Suspended Directors Who are Prospective Resolution Applicants Cann’t Access Valuation Reports  ||  Supreme Court Clarifies Test For Granting Bail to Accused Added at Trial under Section 319 CrPC  ||  SC: Fresh Notification For Vijayawada ACB Police Station not Required After AP Bifurcation  ||  SC: Studying in a Government Institute Does Not Create an Automatic Right to a Government Job  ||  NCLT Mumbai: CIRP Claims Cannot Invoke the 12-Year Limitation Period For Enforcing Mortgage Rights  ||  NCLAT: Misnaming Guarantor as 'Director' in SARFAESI Notice Doesn't Void Guarantee Invocation  ||  Jharkhand HC: Mere Breach of Compromise Terms by an Accused Does Not Justify Bail Cancellation  ||  Cal HC: Banks Cannot Freeze a Company's Accounts Solely Due To ROC Labeling a 'Management Dispute'  ||  Rajasthan HC: Father’s Rape of His Daughter Transcends Ordinary Crime; Victim’s Testimony Suffices  ||  Delhi HC: Judge Who Reserved Judgment Must Deliver Verdict Despite Transfer; Successor Can't Rehear    

Advisory for SEBI Regulated Entities (REs) regarding Cybersecurity best practices- (Securities and Exchange Board of India) (22 Feb 2023)

MANU/SMIS/0014/2023

Capital Market

1. Financial sector organizations, stock exchanges, depositories, mutual funds and other financial entities have been experiencing cyber incidents which are rapidly growing in frequency and sophistication. Considering the interconnectedness and interdependency of the financial entities to carry out their functions, the cyber risk of any given entity is no longer limited to the entity's owned or controlled systems, networks and assets

2. Further, given the sophistication and persistence of the threat with a high level of coordination among threat actors, it is important to recognize that many traditional approaches to risk management and governance that worked in the past may not be comprehensive or agile enough to address the rapid changes in the threat environment and the pace of technological change that is redefining public and private enterprise.

3. Thus, an efficient and effective response to and recovery from a cyber-incident by REs are essential to limit any related financial stability risks. For ensuring the same, Financial Computer Security Incident Response Team (CSIRT-Fin) has provided important recommendations in its report sent to SEBI. The applicable recommendations, in the form of an advisory, are enclosed at Annexure-A of this circular.

4. This advisory should be read in conjunction with the applicable SEBI circulars (including but not limited to Cybersecurity and Cyber Resilience framework, Annual System Audit framework, etc.) and subsequent updates issued by SEBI from time to time.

5. The compliance of the advisory shall be provided by the REs along with their cybersecurity audit report (conducted as per the applicable SEBI Cybersecurity and Cyber Resilience framework). The compliance shall be submitted as per the existing reporting mechanism and frequency of the respective cybersecurity audit.

6. The advisory annexed with this circular shall be effective with immediate effect.

7. This circular is issued in exercise of powers conferred under Section 11(1) of the Securities and Exchange Board of India Act, 1992, to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.

Tags : ADVISORY   RE   CYBERSECURITY  

Share :        

Disclaimer | Copyright 2026 - All Rights Reserved