Sebi releases new cyber security framework for regulated entities

Markets watchdog Sebi on Tuesday issued a new cyber security framework wherein all regulated entities are required to have appropriate security monitoring mechanisms, and the fresh norms will be implemented in a graded manner starting from January 2025.

Besides, a Cyber Capability Index (CCI) for market infrastructure institutions and qualified regulated entities will be introduced to monitor and assess their cybersecurity maturity and resilience on a regular basis.

The Cybersecurity and Cyber Resilience Framework (CSCRF), formulated after consultations with stakeholders, comes at a time when there are rising instances of cyber attacks.

The framework will supersede the existing cybersecurity circulars and guidelines for the entities regulated by Sebi, according to a circular.

For small regulated entities, Sebi said that stock exchanges NSE and BSE will establish market Security Operation Centres (SOCs) to assist them in meeting the requirements under the new framework.

These SOCs