The Rights of the Deceased: Moral Rights Incidental to Copyright Law
- Vanshika Agrawal
- 2024-04-25
Impact of Cybersecurity on Capital Market – The Government has taken several steps towards the initiative of digitizing the country, by introducing technology-driven programs like the launching of Goods and Services Tax, Digital India, the Smart City Mission. As a result of digitizing, the number of cyber threats has substantially increased. As per the 2018 CERT-In annual report, the number of cyber threat cases recorded as of 2018 is 2,08,456, as opposed to only 53,081 in 2017, which is an increase of 292%[1] With India embarking on becoming digitally forward, it also a clear indication that cyber threats will be on the rise, and the traditional approach towards cybersecurity will not suffice. No doubt that digitalization brings in unmatched functionalities, coverage, and utilization for the large population of the country. However, cyber risks have been ranked as a major risk in the banking sectors and capital market in India.
Contents hide
3 Regulation Governing Cyber Security in Securities Market
4 Stockbroker/Depository Participant
4.2 SEBI’s 3 tier Cyber-Security system
5 Techniques to Implement better Cybersecurity
Impact of Cybersecurity on Capital Market
Similarly, there has been a rapid growth of technology in the securities market. The Depository Participants and Stockbrokers play a vital role in providing services to the investor. Hence it has become of significant importance to inculcate robust cybersecurity regulations and evolve the market to introduce new techniques and tools for cyber resilience against cybercrimes. Given that most of the shares traded in the stock market are in dematerialized form, and the financial transactions are predominantly done through digital means, the risk of money, financial information, private and public data being misused shall also increase. In an infrastructure like the capital market, the stakes are relatively high, as there is an immense amount of money invested by the investors, and information of the investors and the organization is at risk. Therefore, the system is more fragile and prone to crimes.
There have been several instances where exchanges have been attacked. Such attacks evidently display the readiness of the cyber criminals to target security exchange infrastructures and participants. It has also been the foremost priority of the Securities Exchange Board of India to invest capital in cyber-security, as an attack can have an impact on the core system, lead to market manipulation and disrupt the general integrity and the working of the capital market. Further, any breach of data can have a negative impact on the trust between the customers and capital market firms. As per a survey conducted by the International Organization of Securities Commissions (IOSCO), approximately half of the security exchanges around the world have experienced cybercrimes. It is without a doubt, that with the technology developing, such attacks will be more sophisticated, grave and higher in volume.
Under the guidelines, the Securities Exchange Board of India has provided various steps in respect of policy-making, effectiveness, training, identification of threat, and cybersecurity, which must be followed by the stockbrokers and depository participants. Further, the Securities Exchange Board of India, as its way to tackle cyber-threat, has made it mandatory for the participants to implement a policy document. The policy should be draft in lines of identifying the IT asset, protecting these assets with the use of efficient tools, identifying cyber-threat, responding to the cyber-threats by taking effective steps, and recovery of data/assets lost due to the cyber-threat.[3] The policy document shall approve by the Board/Partner/Proprietor of the Stockbroker/Depository Participant. Further, certain standards with respect to cyber-security have been provided such as, stockbrokers trading through APIs must follow ISO 27001 standards.
The guidelines further state that every Stockbroker/Depository Participant shall appoint a Designated Officer who shall be responsible for the protection, detection, and maintenance of standard with respect to cyber-security. The Board/Partner of the Stockbroker/Depository Participant shall also constitute an Internal Technology Committee, which shall have a review on a half-yearly basis of the cybersecurity implementations and set their goals for better cyber-security and cyber-resilience.
One of the most important aspects set out in the guidelines is access to critical data. As per the guidelines access to the data shall be based on the principle of least privilege and should be for specific purposes and specific periods only. The guidelines provide certain illustrations to make access to the system of the Stockbrokers/Depository Participants more secure i.e. through passwords, VPNs, Firewalls, etc. Although these methods can be useful in securing a system, a perpetrator or even malware can attack the system in the presence of a secured password or PIN. Therefore, a more secure software or method requires along with suggested illustrations for better protection of the system.
In respect of sensitive data such as the phone number or bank account details of a customer. The guidelines state that every Stockbroker/Depository Participant should identify the sensitive data and store it in an encrypted form. It further asserts that the Stockbroker/Depository Participant should follow industry-standard encryption such as RSA and backup sensitive data and ensure that the location of the backup is secured adequately. It further states that critical data shall dispose of every device securely by use of methods like crypto shredding / degauss / physical destruction as applicable and also formulate a disposal policy for the same
Apart from the regulation by the Securities Exchange Board of India, cyber-crimes also regulated by the Information Technology Act, 2000. The primary object of the Act is to allow commercial use of technology by allowing electronic transactions in a secured way, by prosecuting criminals. Since the Information Technology Act, 2000 is still developing, not all the criminal activities are cover in the Act. Therefore, a perpetrator found guilty of a cyber-crime will punish under the Information Technology Act, 2000. As well as the Indian Penal Code, 1860, depending on the nature of the crime.
Impact of Cybersecurity on Capital Market
Securities Exchange Board of India also plans to set up a 3-tier cybersecurity system that includes a Cyber-Security. And Compliance system shall implement by market infrastructures such as the Bombay Stock Exchange. And National Stock Exchange and shall be conjoined with the government and other international organizations. Further, a Cyber-Security index shall develop to monitor cyber-security and cyber-resilience. It will also make use of new technology for better data analytics.[4].
Similarly, as per recent research, it was found that social media acts as a catalyst for market manipulation. Accordingly, in order to deal with this issue, the Securities and Exchange Board of India plans. To introduce tools for surveillance of social media through techniques like natural language processing (NLP), artificial intelligence (AI), and big data analytics. Tools such as Blockchain also consider for surveillance in social media. Although this would be a good move technologically and otherwise. Surveilling social media of the public can also create a conflict, especially with the new Data Privacy Law coming in.[5]
Impact of Cybersecurity on Capital Market
There are a number of ways one can improve cybersecurity. This can by using various tools of technology like encryption, Artificial Intelligence, and other steps. That was taken by the organization that can help cyber-security to reach a targeted level. The following are some tools and techniques that can be used to improve cyber-security by the capital market:
Impact of Cybersecurity on Capital Market
The rapid digitization and increased use of the Internet, in the day-to-day lives of every person. And the organization has made human lives evidently convenient. Given the rapid growth of the economy, and the growing globalization and capitalization. Modern-day technology has become an essential tool to carry out commercial transactions. Since most of the monetary transactions carried out through the internet. There is a greater risk of the available data to misuse as the same can carried by maintaining anonymity. Hence cybersecurity plays a significant role in securing the data by being an important strategic and governance issue. And the same should be a prerequisite in capital markets. Given the number of public data and money involved in the infrastructure of the market.
[1]Siddharth Vishwanath, Seven Cyber security Trends for India in 2020, PWC INDIA (December 10, 2020, 3:40 PM), https://www.pwc.in/consulting/cyber-security/blogs/what-lies-ahead-seven-cyber-security-trends-india-will-witness-in-2020.html
[2] SEBI circular SEBI/HO/MIRSD/DOP/CIR/P/2019/109 dated on October 15, 2019.
[3] SEBI circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated on December 03, 2018.
[4] SEBI Head Office, SEBI plans 3 tier structure to bolster cyber security, prevent attacks, BUSINESS STANDARD (December 10, 2020, 3:40 PM), https://www.business-standard.com/article/pti-stories/sebi-plans-three-tier-structure-to-monitor-cyber-security-threats-119090500570_1.html
[5] Ajay Tyagi, SEBI to use AI, Blockchain tech to fight market manipulation via social media, BUSINESS LINE (December 10, 2020, 3:50 PM), https://www.thehindubusinessline.com/markets/social-media-key-tool-for-market-manipulation-ajay-tyagi/article30633275.ece
[6] The Information Technology (Certifying Authorities) Rules 2000 Schedule V.
Drop your comment