Markets regulator SEBI is mulling a greater push to put in place strong safeguards against cyber threats to bourses, brokerages and other entities, amid concerns over the largest-ever banking data breach wherein 32 lakh debit cards are feared to have been ‘compromised’.
The regulator will also look at the best global practices in this regard including through inputs from the regulatory authorities in advanced markets, while consultations will be held with government entities as well as with the information technology and cyber security experts, a senior official said.
While the Securities and Exchange Board of India (SEBI), which is mandated to regulate stock exchanges, clearing corporations, brokerages, portfolio managers, fund houses, rating agencies and a host of other entities in the capital market space, is already in the process of appointing a chief IT security officer to oversee various initiatives aimed at protecting the marketpace from cyber threats.
The regulator has further beefed up its efforts and wants to fast-track the work on a new and stronger policy framework in the areas of cyber security in the wake of the recent suspected compromise of 32 lakh debit cards across various banks, presumably due to a cyber malware attack in the ATM network systems of a private sector bank, the official said.
The matter assumes significance as the entire marketpace is closely linked and a cyber security threat in one segment of the capital markets can prove to be disastrous for other segments as well.
The offiicial said the regulator is looking to beef up its own surveillance and risk management systems, as also that of the market infrastructure entities to check any cyber threats, while various intermediaries would also be asked to strengthen their respective systems, networks and databases.
Given the dynamic nature of new technologies, the risk management systems would also need to keep evolving so as to keep pace with the newer kinds of threats that may come to fore, the official added.
SEBI will appoint a Chief Information Technology Security Officer, who will be responsible for strengthening its regulatory policy framework in the area of cyber security.
The Officer would oversee implementation of these regulatory policies across security markets and also help enhance capacity building at Sebi and various market participants with respect to cyber security.
SEBI would also develop stress testing mechanism to mitigate risk arising out of cyber attacks, while necessary framework would be put in place for taking corrective measures and prudent response in case of cyber attacks at the regulator or market participants.