India’s leading stock exchanges, BSE and NSE, have issued an urgent cybersecurity advisory to all market participants following a high-priority alert from the Indian Computer Emergency Response Team (CERT-In). The advisory, issued on Wednesday, warns of potentially high-impact cyberattacks targeting key sectors, particularly in the wake of rising India-Pakistan tensions.
In response, the BSE on Thursday directed all trading members, brokers, and intermediaries to immediately implement enhanced cyber risk protocols to protect market infrastructure, citing threats including ransomware, DDoS attacks, malware infections, website defacement, and supply chain intrusions.
The advisory underscores the increasing relevance of cybersecurity in safeguarding India’s capital markets, particularly as threat actors seek to exploit geopolitical disruptions to target the Banking, Financial Services, and Insurance (BFSI) sector.
Precautionary Measures Mandated by Exchanges
The Bombay Stock Exchange (BSE) has specifically instructed brokers to conduct a comprehensive evaluation of their current systems against the standards outlined in SEBI’s Cybersecurity and Cyber Resilience Framework (CSCRF), which was last updated on August 20, 2024.
As per the directive, market participants must:
-
Conduct immediate risk assessments and address any security gaps.
-
Enhance real-time monitoring of systems for unusual activity or breaches.
-
Implement robust incident response plans to contain and recover from attacks.
-
Use threat intelligence feeds from CERT-In and the National Critical Information Infrastructure Protection Centre (NCIIPC).
-
Act on all cybersecurity alerts/advisories in a timely manner.
-
Increase threat-hunting efforts and report any incidents to regulators and exchanges as per protocol.
The National Stock Exchange (NSE), though yet to release a public statement, is expected to enforce similar protective measures for its ecosystem of trading participants.
ALSO READ: OEMs Invited to Showcase Tech Solutions to Police and LEAs
MeitY Flags State-Sponsored Cyber Campaign Targeting BFSI Sector
The advisory from CERT-In, issued under the guidance of the Ministry of Electronics and Information Technology (MeitY), reportedly highlights a state-sponsored cyber espionage campaign targeting entities within the BFSI sector, India’s digital public infrastructure, and other critical systems.
The threat actors are believed to be utilizing multi-vector tactics, including phishing, vulnerability exploitation, and man-in-the-middle attacks to gain access to sensitive financial systems, extract data, and potentially destabilize trust in market operations.
While the advisory does not name specific threat actors, cybersecurity experts suggest the alert reflects concerns over cyber retaliation or destabilization efforts linked to escalating diplomatic and military conflict between India and Pakistan, especially following recent military operations and cross-border hostilities.
With capital markets forming part of India’s critical financial infrastructure, the stock exchanges are under growing pressure to defend against both systemic and targeted cyber intrusions.
Industry Implications and the Road Ahead
The move by BSE and NSE to amplify the CERT-In advisory reflects heightened awareness and responsiveness among Indian market regulators to the rising frequency and sophistication of cyber threats. Market players are being urged to shift from reactive measures to proactive cybersecurity postures, involving continuous assessment, simulation drills, and real-time intelligence integration.
Failure to comply with such protocols could leave brokers and financial institutions vulnerable to service disruption, data compromise, and reputational damage—consequences that could ripple across investor confidence and financial stability.
Given the cross-sectoral nature of the threat, exchanges are also encouraging collaborative information sharing, training, and incident reporting mechanisms that align with national cybersecurity directives and best practices.
As geopolitical tensions continue to influence the digital threat landscape, India’s financial market stakeholders are being called upon to fortify their cyber defenses—not only to protect systems, but to preserve trust in the resilience of the country’s economic institutions.