SEBI on 22.02.2023 has issued an Advisory for SEBI Regulated Entities (REs) regarding Cybersecurity best practices. The compliance of the advisory shall be provided by the REs along with their cybersecurity audit report (conducted as per the applicable SEBI Cybersecurity and Cyber Resilience framework). The compliance shall be submitted as per the existing reporting mechanism and frequency of the respective cybersecurity audit. REs are advised to:
- prepare detailed incident response plan.
- Enforce effective data protection, backup, and recovery measures.
- Encryption of the data at rest should be implemented to prevent the attacker from accessing the unencrypted data.
- Identify and classify sensitive and Personally Identifiable Information (PII) data and apply measures for encrypting such data in transit and at rest.
- Deploy data leakage prevention (DLP) solutions / processes.