India’s top stock exchanges—the National Stock Exchange (NSE) and the Bombay Stock Exchange (BSE)—have temporarily restricted website access from overseas IP addresses following a surge in cyberattacks targeting critical financial infrastructure in recent days. The move comes in the wake of attempted intrusions into one of the exchange’s web systems and broader concerns around escalating cyber threats against Indian institutions.
The precautionary action, implemented quietly but swiftly, involves whitelisting select IP addresses of foreign clients, while temporarily blocking the rest. Exchange sources confirmed that the restrictions do not affect foreign institutional investment (FII) operations, which continue through secure trading terminals unaffected by public website protocols.
Joint Action After Suspicious Activity Detected
The decision was reportedly taken after top officials of NSE and BSE held a joint emergency meeting. This followed an incident where cyber threat monitoring tools detected a sophisticated attempt to breach one of the exchange websites.
A BSE spokesperson said,
“Being a critical Market Infrastructure Institution (MII), BSE proactively and continuously monitors cyber risks both domestically and internationally. As a precautionary and protective measure, specific websites and locations have been blocked to safeguard users and systems.”
The monitoring and restriction, according to the BSE, are dynamic and evaluated on a case-by-case basis. Access may be restored after threat assessments determine it is safe to do so. The NSE has not yet issued an official statement, but sources confirmed similar measures have been adopted by both exchanges.
Cyber Threats Spike After Pahalgam Terror Incident
Security sources noted that the volume and intensity of cyberattacks on Indian websites surged after the recent terrorist killings in Pahalgam, Kashmir. In recent days, several government websites and affiliated portals have been defaced or hacked by foreign-based cybercriminal groups, intensifying cybersecurity vigilance across sectors.
Although no data loss or breach has been reported at the exchanges, officials confirmed that cybersecurity firewalls and protocols were tested by repeated intrusion attempts. The exchanges have since coordinated with India’s national cybersecurity agencies, including the Indian Computer Emergency Response Team (CERT-In), to mitigate ongoing threats and share intelligence.
Sources added that after the blanket restrictions were enforced, some foreign clients reached out seeking access, prompting the exchanges to whitelist verified IPs to allow limited website availability abroad. The access limitations are temporary, and normal global accessibility is expected to resume once the cyber threat levels subside.
Markets Unaffected, Investor Confidence Intact
Market analysts and traders confirmed that despite heightened cybersecurity protocols, trading operations and settlement mechanisms remain unaffected. Foreign funds and institutional investors use secure gateways and direct terminal connections that do not rely on public website access.
The episode, however, underscores growing vulnerabilities for critical market infrastructure institutions (MIIs) amid a rapidly evolving geopolitical and digital threat landscape. It also highlights the importance of proactive, collaborative cybersecurity frameworks among India’s top financial institutions.