Additionally, a high powered steering committee on cybersecurity was constituted which was chaired by a Whole Time Member of Sebi and created a cybersecurity cell to actively address cybersecurity issues.
"In 2017-18, Sebi had actively issued three advisories in the wake of ransomware attacks. Additionally, advisories were also issued based on inputs from the National Cyber Security Coordinator (NSCS)," the report said.
Last year, multiple incidents of ransomware attacks like WannaCry, Petya and Locky were reported globally.
As per the report, Sebi had compiled a list of cyber threat vectors and cyberattack scenarios, which was shared with the MIIs to aid them in dealing with the risks.
"As a pre-emptive measure to further enhance the safeguards placed to protect the systems of the Indian MIIs, Sebi had advised MIIs to put in controls based on its list of cyber threat vectors and cyberattack scenarios," the report added.
The regulator has also advised MIIs to conduct a half-yearly comprehensive review of cybersecurity. It aims to check the level and adequacy of the controls put in place by the MII to comply with the various circulars and advisories issued by Sebi pertaining to cybersecurity along with the safeguards put in place by them to mitigate the cyberthreat vectors and cyberattack scenarios.
"Todays, cyber security breaches pose a major challenge to market participants across the globe. To deal with this challenge, Sebi plans to expand the scope for cyber security initiatives for MIIs and also look into the operational modalities of implementation.
"In this direction, a full cyber security review of MIIs is planned that includes all the cyber security advisories issued by Sebi and full list of cyber security threat vectors," Sebi said.
Besides, a cyber-capability index is being developed to assess the cybersecurity preparedness and resilience of the MIIs to ascertain their level of preparedness.
In November 2017, Sebi had facilitated a cyber-training programme conducted by scientists of CERT-In. It was attended by officials of all the MIIs and intermediaries such as brokers, depository participants, asset management companies and registrar and transfer agents.