Introduction: The Bombay Stock Exchange (BSE) is at the forefront of ensuring transparency and accountability in the Indian financial markets. In line with this commitment, BSE has issued Notice No. 20230929-26 dated September 29, 2023, pertaining to the format of Cyber Security Incidence Disclosure under the Corporate Governance Report. This notice is of significant importance for all listed entities and aims to enhance cyber security reporting and compliance.
SEBI’s Regulatory Framework: The Securities and Exchange Board of India (SEBI) has been proactive in strengthening the regulatory framework for listed entities. In this context, SEBI issued Notification No. SEBI/LAD-NRO/GN/2023/131 on June 14, 2023, which introduced the SEBI (Listing Obligations and Disclosure Requirements) (Second Amendment) Regulations, 2023. Notably, sub clause 27(2)(ba) was inserted, which mandates the disclosure of Cyber Security incidents, breaches, loss of data, or documents in the Corporate Governance Report.
Quarterly Reporting Requirement: The new regulation requires listed entities to disclose such cyber security incidents on a quarterly basis. This regulatory change became effective from July 14, 2023, onwards. Therefore, it is imperative for all listed entities to understand and comply with this reporting requirement.
Key Reporting Fields: To facilitate the reporting process, BSE has introduced new fields in the existing Corporate Governance Report utility. These fields include:
- Whether as per Regulation 27(2)(ba) of SEBI (LODR) Regulations, 2015 there has been cyber security incidents or breaches or loss of data or documents during the quarter: Listed entities must indicate whether any such incidents occurred during the quarter, and they can respond with “Yes” or “No.”
- Date of the event: This field requires specifying the date when the cyber security incident occurred.
- Brief details of the event: Listed entities are expected to provide a concise description of the incident or breach.
Effective Date: These changes in the XBRL utility will come into effect for the quarter ending on September 30, 2023, and for all subsequent quarters. It is essential for listed entities to prepare for these changes and ensure compliance with the reporting requirements.
Conclusion: In an increasingly digitized world, cyber security is a paramount concern for businesses and financial markets. SEBI’s introduction of sub clause 27(2)(ba) and BSE’s subsequent notice regarding Cyber Security Incidence Disclosure are crucial steps toward enhancing transparency and safeguarding the interests of investors and stakeholders. Listed entities must promptly adapt to these changes, embrace robust cyber security practices, and diligently report any incidents in compliance with the regulatory framework. The BSE’s commitment to these standards reflects its dedication to maintaining the integrity and credibility of India’s financial markets.
*****
Notice No. 20230929-26
Notice Date 29 Sep 2023
Category: Circulars Listed Companies
Segment: General
To,
All Listed Entities
Sub: Format of Cyber Security Incidence Disclosure under Corporate Governance Report
1. Overview
SEBI vide Notification No. SEBI/LAD-NRO/GN/2023/131 dated June 14, 2023 issued SEBI (Listing Obligations and Disclosure Requirements) (Second Amendment) Regulations, 2023 and inserted sub clause 27(2)(ba) wherein it is specified that the details of Cyber Security incidents or breaches or loss of data or documents shall be disclosed in the Corporate Governance Report and shall be submitted by the listed entities to the stock exchanges on a quarterly basis which is effective from July 14, 2023 onwards.
2. Based on above mentioned requirement and various discussions with SEBI, following new fields have been added to the existing Corporate Governance Report utility:
Details of Cyber Security Incidence |
||
Whether as per Regulation 27(2) (ba) of SEBI (LODR) Regulations, 2015 there has been cyber security incidents or breaches or loss of data or documents during the quarter | Yes/No | |
Date of the event | Brief details of the event | |
The abovementioned changes in the XBRL utility will be effective from the quarter ended September 30, 2023, and onwards.
Ashok kumar Singh
DGM-Listing Compliance
Shyam Bhagirath
Manager-Listing Compliance