Sebi’s cybersecurity framework to ease burden, say experts

The Securities and Exchange Board of India’s (Sebi) recent clarifications on its Cybersecurity and Cyber Resilience Framework (CSCRF) has introduced graded compliance norms to ease the burden on smaller intermediaries, but experts caution that challenges remain, particularly for smaller and mid-sized firms.

“Sebi’s enhanced cyber rules substantially improve market security. However, this is overwhelming for smaller firms, and they may face considerable challenges due to increased costs and technical demands,” said Vikas Garg, partner, Deloitte India. He added that larger organisations can absorb compliance costs with dedicated teams and advanced technology, but smaller players may require phased implementation and regulatory flexibility to manage the transition. Sebi’s move is being seen as part of India’s effort to align with global standards.

“The framework signals a strong commitment to market integrity and investor protection. They are also in most of the forms aligned with the global prevalent practices of the US SEC and UK FCA on cyber risk management,” said Atul Gupta, partner and head of Digital Trust and Cyber at KPMG India. While multiple regulators already have cybersecurity norms, a harmonised national framework could simplify compliance and reduce overlap.