India Ask Companies To Report Cybersecurity Incident Within Six Hours

The Indian government’s new policy requires organizations in the country to report cybersecurity incidents within six hours, including incidents involving vulnerability scans of computer systems.

The measure, along with other measures, was announced by the Indian Computer Emergency Response Team (CERT-In).

They were incorporated into Section 70B of the Information Technology (IT) Act, 2000 and are now part of the Indian law and will come into effect in 60 days.

The types of cybersecurity incidents that need to be reported to CERT-In include targeted scanning /probing of critical networks / systems, critical systems / information, unauthorized access to IT systems/data, defacement of website or intrusion into a website, malicious code attacks, attacks on servers, identity theft spoofing and phishing attacks, DoS and DDoS attacks, and attacks on critical infrastructure.

Others include attacks on applications, data breaches, data leaks, attacks on IoT devices and related devices, attacks or incidents involving digital payment systems, attacks through malicious mobile apps, counterfeit mobile apps, unauthorized access to social media accounts, and attacks or malicious/suspicious activities involving cloud computing systems and applications related to Big Data, Blockchain, virtual assets, and others.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web