Legal Query India

Cybersecurity framework: SEBI explained.

By shagun, 31 July 2025
SEBI (Cybersecurity and Cyber Resilience) Framework

SEBI introduced this framework to protect financial institutions such as stock brokers, mutual funds, stock exchanges, and other market participants against cyberattacks. It requires these organisations to protect their IT systems, data, and customer information from all cyber threats, including hacking, and to be ready to respond to any eventuality, such as data compromises, hacking attempts, or other cyber-related incidents. Furthermore, SEBI wants these organisations to assess their own risks on a continuing basis so that cyber threats are detected early, to train their staff, and to report any serious incidents promptly.

Key Highlights

  • Applicable to stock exchanges, brokers, depositories, mutual funds, and related intermediaries.
  • Calls for protection from cyber threats such as hacking, data theft, and so on.
  • Companies must prepare incident response plans and test systems regularly.
  • Cyber incidents must be reported to SEBI within the specified timeframe.
  • Encourages staff training and security audits on a regular basis.

FAQs for the SEBI (Cybersecurity and Cyber Resilience) Framework

1. Why is SEBI focusing on cybersecurity now?

Because of the sensitivity of financial data, hacking and fraud can affect numerous investors.

2. Does this affect me as a stock market investor?

Certainly. It provides for better protection of your personal and financial data.

3. Will my demat account be safer because of this?

Certainly. The framework asks stakeholders to ensure the safety of all investor data.

4. What if there's a cyberattack on my stockbroker's platform?

The broker must report the incident to SEBI, investigate, and notify affected customers where warranted.

5. Can hackers steal my trading data?

The framework is intended to minimise such exposure through strengthened protections.

6. Is my online mutual fund platform covered?

Yes, mutual fund companies are also bound by these security laws.

7. What does SEBI expect companies to do if a cyberattack occurs?

Act immediately, contain the threat, investigate, report to SEBI, and rectify.

8. Will I be informed in case of a breach involving my data?

Yes, companies are supposed to inform the affected users.

9. Are the small brokers also required to comply?

Yes, although the expectations differ according to the size and type of entity.

10. How often do companies have to check their cybersecurity systems?

Regular checks through audits, mock drills, and vulnerability testing.

11. What kind of cyberattacks does this cover?

All, including phishing, ransomware, data breaches, hacking, etc.

12. Is two-factor authentication mandatory?

Two-factor authentication and other multi-factor security measures are strongly recommended by SEBI.

13. Can a company be punished for not reporting an incident?

Yes. SEBI can take strict action, including fines or suspension.

14. Are the mobile apps of brokers and mutual funds within its purview?

Yes, mobile trading and investing platforms are also covered under this framework.

15. How does this prevent online fraud in trading?

By enforcing secure and monitored systems, thereby mitigating chances of misuse.

16. Will this slow down my trading or investing experience?

No. The aim is to ensure systems remain fast but secure.

17. Does SEBI offer cybersecurity training to these companies?

SEBI lays down the guidelines and expects the companies to train their own personnel.

18. Can I report a suspicious cyber issue as a user?

Of course, you ought to raise a red flag with your broker/service provider.

19. Is my Aadhaar or PAN safe under this?

Certainly. The framework mandates the protection of all such sensitive information.

20. Where do I check if my broker follows SEBI's rules?

Most brokers worth their salt will provide you with information regarding their compliance with cybersecurity protocols in the privacy or legal section of their website. In addition to that, you can check SEBI's website for circulars and updates.
