MUMBAI: With the rising incidents of public falling victims to cyber crimes, Securities and Exchange Board chairman Tuhin Kanta Pandey has called for constant vigilance, regular incident-response drills, and forensic readiness to protect stock exchanges and investors from such escalating online threats.

Speaking at a cybersecurity training programme at the Sebi-run National Institute of Securities Markets (NISM) near here on Thursday, Pandey, according to the speech shared by Sebi late last night, warned that even the perception of vulnerability can unsettle markets, irrespective of the immediate financial losses.

Recalling the July 2010 Nasdaq breach, where hackers had gained accessed to a system used by corporate boards to share confidential documents, he noted that while trading was unaffected, the incident “deeply shook the confidence of the market in general and investors in particular.” On July 18, attack a Russian cyber hack had compromised the world’s largest tech-stocks listed trading platform primarily targeted the exchange’s directors desk portal but not limited to it.

Sebi has, in recent years, strengthened cybersecurity norms, mandated regular cyber audits, and tightened reporting on technical glitches across exchanges, clearing corporations, depositories, and market intermediaries, Pandey said, adding “safeguarding these market utilities is essential for capital formation, investor trust, and economic resilience.”

Reeling out the numbers of cyberattacks in the country, he said such attacks are no longer rare as the country has seen over 2 million security incidents in 2024, according to CERT-In, nearly double the pre-pandemic levels.

 “A small glitch in a trading algorithm can trigger market disruption in milliseconds. A misconfigured server can give malicious actors a way in. A compromised account can lead to damaging data leaks,” Pandey said, citing the August 2012 Knight Capital trading fiasco that caused $440 million in losses due to faulty trading software.

On August 1, 2012, the NYSE trader Knight Capital had a major trading glitch that resulted in a loss of $440 million within 45 minutes. This occurred due to a software deployment error where a dormant algorithm, the ‘Power Peg,’ was inadvertently reactivated on one of its eight servers. The glitch caused the system to flood the market with buy orders, significantly impacting the prices of 148 NYSE-listed stocks. Knight's trading volume constituted more than 50% of the total trading volume on the NYSE during the affected period.

Pandey also stressed that internal lapses, such as inadequate checks, rushed deployments, or overlooked processes, can also be as damaging as external threats. “Technology risk isn’t always about defending the gates. Sometimes it’s about ensuring that the castle’s own walls are strong,” he said.

Underlining the role of human factor as a critical line of defence, Pandey noted that negligence and phishing attacks often open the door to breaches.  “Proactive measures reduce both the probability as well as the impact of incidents. Reactive measures merely limit damage after trust has already been dented,” he said.

In closing, the chairman told the participants that their quiet efficiency would likely never make headlines, but that the absence of crisis is their greatest professional achievement. “Behind the seamless flow of billions in our markets lies your invisible vigilance,” he concluded.