Ajay Tyagi, the Chairman of the Securities and Exchange Board of India (Sebi), on Monday said cyber security management is not a one-time event but a continuous process.
Speaking at the inauguration of a joint certification course in cyber security foundation by NISM, CERT-In and C-DAC, Tyagi said there is a visible trend of increase in use of technology in different spheres of life in the last few years, especially post the onset of pandemic.
The use of technology has also significantly picked up in the financial sector in areas such as digital banking, online payments, mobile-based and internet-based trading, among others, and cyber security is pivotal to keep the system robust, the chairman said.
Saying that Sebi has been constantly stepping up its cyber security efforts, both internally within the organisation and externally, the chairman spoke about some of the initiatives taken by the regulator in this regard.
He said cyber security is extremely critical for market infrastructure institutions like stock exchanges, clearing corporations and depositories since technology is the underpinning for all these institutions.
Also Read: Paytm IPO: Foreign investors valuing co at $20-22 bn
"Cyber security failures in such institutions will not only impact protection of data but could even cause a system failure leading to a ripple-through effect in the entire financial ecosystem. Sebi has laid down a detailed framework for cyber security for such institutions including identification of critical assets and cyber risks, network security management and security of data, vulnerability assessment and penetration testing, system audits to be done by CERT-In empanelled auditors, etc," Tyagi said.
For intermediaries and mutual funds, he said that while technology failure in any individual intermediary may not have system-wide impact, unlike in market infrastructure institutions, the intermediaries are critical from the perspective of protection of data including client data.
The regulator's framework for intermediaries prescribes an SOP for handling cyber security incidents, while detailed framework has also been specified for mutual funds, which includes formulation of a comprehensive cyber security and cyber resilience policy, designation of a senior official as Chief Information Security Officer, among others.
Also Read: Blue-collar workforce hiring platform Smartstaff raises $4.3 mn
Besides, Tyagi said Sebi has significantly boosted its own cyber security capability with several measures, including formation of a Cyber Security Operations Centre which monitors and defends enterprise-wide information technology systems.
"Clearly, cyber security management is not a one-time event but a continuous process - it is not a project but a journey," he said.
While Sebi has not specified a specific cyber security framework for listed entities, the Risk Management Committee of listed companies has been mandated to monitor and manage cyber security risks as one of its mandates, he added.
Tyagi said the newly-launched course will help in understanding cyber security framework and will encourage stakeholders in securities markets to learn and be aware of cyber security issues.
Copyright©2021 Living Media India Limited. For reprint rights: Syndications Today