Sebi chief Pandey calls for stronger defence against cyberattacks

Tuhin Kanta Pandey calls for constant vigilance, cyber drills, and strong internal safeguards to protect exchanges and investors from escalating online threats

Tuhin Kanta Pandey, chairman, the Securities and Exchange Board of India (Sebi), on Thursday stressed the need for constant vigilance, regular incident-response drills, and forensic readiness to guard against escalating cyber threats.

 

Speaking at a cybersecurity training programme for regulated entities at the National Institute of Securities Markets (NISM), Pandey warned that even the perception of vulnerability can unsettle markets, irrespective of immediate financial losses.

 

Recalling the 2010 Nasdaq breach — where hackers accessed a system used by corporate boards to share confidential documents — he noted that while trading was unaffected, the incident “deeply shook confidence.”

 

Sebi has, in recent years, strengthened cybersecurity norms, mandated regular cyber audits, and tightened reporting on technical glitches across exchanges, clearing corporations, depositories, and market intermediaries. Safeguarding these “market utilities,” he added, is essential for capital formation, investor trust, and economic resilience.

 

Cyberattacks, he cautioned, are no longer rare. India witnessed over 2 million security incidents in 2024, according to CERT-In, nearly double the pre-pandemic levels. 

 

“A small glitch in a trading algorithm can trigger market disruption in milliseconds. A misconfigured server can give malicious actors a way in. A compromised account can lead to damaging data leaks,” Pandey said, citing the 2012 Knight Capital fiasco that caused $440 million in losses due to faulty trading software.

 

He stressed that internal lapses — such as inadequate checks, rushed deployments, or overlooked processes — can be as damaging as external threats. “Technology risk isn’t always about defending the gates. Sometimes it’s about ensuring the castle’s own walls are strong,” he remarked.

 

Pandey also underlined the human factor as a critical line of defence, noting that negligence and phishing attacks often open the door to breaches. 

 

“Proactive measures reduce both the probability and the impact of incidents. Reactive measures merely limit damage after trust has already been dented,” he said. 

 

In closing, Pandey told the participants that their quiet efficiency would likely never make headlines — but that the absence of crisis is their greatest professional achievement. 

 

“Behind the seamless flow of billions in our markets lies your invisible vigilance,” he added.