BSE PUTS IN PLACE PENALTY STRUCTURE FOR NON-SUBMISSION OF CYBER

SECURITY REPORT

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.
These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information;
extorting money from users; or interrupting normal business processes.

Implementing effective cybersecurity measures is particularly challenging today because there are
more devices than people, and attackers are becoming more innovative. A successful cybersecurity
approach has multiple layers of protection spread across the computers, networks, programs, or
data that one intends to keep safe. In an organization, the people, processes, and technology must
all complement one another to create an effective defense from cyber attacks.

In today’s connected world, everyone benefits from advanced cyberdefense programs. At an

individual level, a cybersecurity attack can result in everything from identity theft, to extortion
attempts, to the loss of important data like family photos. Everyone relies on critical infrastructure
like power plants, hospitals, and financial service companies. Securing these and other
organizations is essential to keeping our society functioning.

Everyone also benefits from the work of cyberthreat researchers, like the team of 250 threat
researchers at Talos, who investigate new and emerging threats and cyber attack strategies. They
reveal new vulnerabilities, educate the public on the importance of cybersecurity, and strengthen
open source tools. Their work makes the Internet safer for everyone.

The leading stock exchange BSE came out with a penalty structure for brokers who fail to make
timely submission of cyber security and cyber resilience audit report.

In this regard, Members are requested to note that the following penalty/disciplinary actions would
be initiated against the Member for late/non- submission of Cyber Security and Cyber Resilience
Audit Report.

Given below is the penalty structure issued by BSE:

Particulars
Submission within 1 month from the end of due
date of submission.
Submission after 1 month but within 3 months
from the end of the due date for submission.
Action
Penalty of Rs. 200/- per day
Penalty of Rs. 500/- per day
 Non-Submission within 3 months from the end
of due date for submission.
Disablement of trading facility across
segments after giving 2 weeks’ notice.
Disablement notice issued to the member
shall be shared with all the Exchanges for
information.
Member will be enabled only after
submission of Cyber Security and Cyber
Resilience Audit Report.

In the exchange ecosystem, it has been observed that the ecosystem participants Stock Brokers,
Depository Participants and Exchanges have heavy Cyber Infrastructure dependence to ensure
continuity of the services offered. The dependency also underlines the need for maintaining robust
cyber security and cyber resilience framework to protect the integrity of data and guard against
breaches of privacy. Since Stock exchanges have been connected to the Internet, cyber activities
have focused on protecting the information, operations, and assets against intrusions from cyber
threats.

The stock exchange BSE has also cautioned market intermediaries against malicious cyber attacks
amid increased usage of mobile phones and tabs in the wake of lockdown to contain the COVID-
19pandemic.

Many organizations have switched to work-from-home, due to outbreak of the pandemic, with
employees using mobile phones, tabs and personal laptops in order to maintain business continuity.
This has resulted in unprecedented increase in dependency on digital means by many folds and
resulting in many operations that may possibly be under remote monitoring mode. Cyber criminals
have started using this as an opportunity to target such users and computing devices used.