Hello Auditor

What are the cyber security obligations of Public Limited Companies?

1. Protection of Financial and Stakeholder Data

  • Public Limited Companies must ensure the confidentiality, integrity, and availability of sensitive financial, operational, and shareholder data.
  • Listed companies, in particular, are required to safeguard investor information, trading data, and business communications against breaches and leaks.
  • A breach of sensitive data can lead to loss of reputation, legal action, and regulatory penalties.

2. Compliance with Legal and Regulatory Frameworks

  • Companies must comply with:
    • The Information Technology Act, 2000 and the rules framed under it on data protection and cyber offences
    • The SEBI (LODR) Regulations for listed companies, which mandate disclosure of cybersecurity incidents and breaches, including those that materially affect the company's financial or operational status
    • The directions issued by CERT-In (the Indian Computer Emergency Response Team), which require specified categories of cybersecurity incidents to be reported to CERT-In within 6 hours of noticing them
    • Data privacy rules (such as the SPDI Rules under the IT Act and the Digital Personal Data Protection Act, 2023), especially when handling personal or financial information of employees, clients, or investors
  • Public companies dealing with EU residents or listed in U.S. markets may also need to comply with the GDPR or SOX, respectively.

3. Implementation of Cybersecurity Measures

  • Companies must deploy firewalls, anti-malware tools, intrusion detection systems, and endpoint protection across their networks and devices.
  • Companies should enforce strong access controls, encryption of data at rest and in transit, multi-factor authentication (MFA), and secure, tested backups.
  • Regular patch management and system updates are essential to close known vulnerabilities before they are exploited.
  • All critical systems must be covered by business continuity and disaster recovery plans.

4. Risk Management and Internal Governance

  • Public Limited Companies must integrate cybersecurity into their enterprise risk management (ERM) framework.
  • The Audit Committee or Risk Management Committee of the board should periodically review the company's cybersecurity posture and any incidents.
  • SEBI and the stock exchanges encourage companies to adopt a cybersecurity policy with clear roles and responsibilities, including for the Chief Information Security Officer (CISO) or an equivalent role.
  • Periodic vulnerability assessment and penetration testing (VAPT) should be conducted by independent assessors rather than by the teams that operate the systems.

5. Disclosure and Incident Response Obligations

  • In case of a data breach or cyberattack, companies must:
    • Report the incident to CERT-In within the stipulated time.
    • Notify the stock exchanges and investors if the incident materially affects the company's operations.
    • Maintain and follow an incident response plan to contain, investigate, and recover from the attack.
  • All such events must be documented, with post-incident reviews conducted and corrective measures undertaken.
