Cybersecurity framework : SEBI explained.

The SEBI Cybersecurity and Cyber Resilience Framework protects financial market participants—like stock brokers, mutual funds, stock exchanges, depositories, and other intermediaries—from cyberattacks. It ensures that investors' data and trading systems remain secure, reduces risks of hacking and fraud, and requires prompt reporting of incidents to SEBI.

The law applies to all intermediaries in the securities market and mandates regular system audits, staff training, and preventive measures.

Key Highlights

• Who is Covered: Stock exchanges, brokers, mutual funds, depositories, and related intermediaries.
• Cyber Threat Protection: Security against hacking, ransomware, phishing, data theft, and other attacks.
• Incident Response: Companies must have plans for responding to breaches, including reporting to SEBI.
• Staff Training: Regular training and mock drills are mandatory.
• Audits & Testing: Regular audits and vulnerability testing to prevent incidents.
• Investor Protection: Safeguards personal and financial information of users.

Where to Check & Complain

• SEBI Investor Complaints Portal: https://scores.sebi.gov.in/
• Contact Individual Brokers or Mutual Funds: Usually via their grievance/redressal section.
• SEBI Cyber Guidelines & Updates: https://www.sebi.gov.in/legal/circulars/cybersecurity

FAQs – SEBI Cybersecurity & Cyber Resilience Framework

Q1. Why did SEBI introduce this framework?

To protect sensitive financial and investor data from cyber threats.

Q2. Does this affect me as an investor?

Yes, your demat account, mutual fund investments, and trading platforms are safer.

Q3. Are mobile trading apps covered?

Yes, apps for trading and investing must comply with the framework.

Q4. What happens if my broker faces a cyberattack?

They must act immediately, investigate, contain the threat, report to SEBI, and inform affected users.

Q5. Can hackers steal my trading or personal data?

The framework minimises such risks by enforcing secure systems and protocols.

Q6. Are smaller brokers required to follow this?

Yes, with compliance adjusted to the size and type of entity.

Q7. How often are audits and tests required?

Regularly, including vulnerability testing and mock drills.

Q8. Is two-factor authentication mandatory?

Strongly recommended, along with other multi-factor security measures.

Q9. What type of cyberattacks are covered?

Phishing, ransomware, hacking, data breaches, and other cyber threats.

Q10. Can I report suspicious activity as a user?

Yes, notify your broker or mutual fund immediately.

Q11. Will my Aadhaar, PAN, or bank details be safe?

Yes, all sensitive investor information must be securely stored and protected.

Q12. What if a company fails to report a breach?

SEBI can take strict action, including fines, suspension, or other penalties.

Q13. Do staff members require training?

Yes, all personnel handling IT and investor data must be trained regularly.

Q14. Will my trading experience slow down due to these measures?

No, security measures are designed to protect without affecting speed.

Q15. Where can I verify if my broker complies with SEBI cybersecurity rules?

Check the broker's website for compliance statements in the privacy or legal section. SEBI circulars and updates: https://www.sebi.gov.in/index.html