wordpress blog stats
Connect with us

Hi, what are you looking for?

Cybersecurity rules: Only 15 entities reported incidents within the stipulated 6 hours, RTI reveals

The number appears negligible in comparison to a staggering ~14 lakh cybersecurity incidents reported to CERT-In in 2022

Only 15 entities reported cybersecurity incidents to India’s cybersecurity agency within the 6-hour timeline stipulated by the cybersecurity rules that went into effect last year, a Right to Information (RTI) response received by MediaNama on March 6 revealed.

As per the cybersecurity rules issued by the Indian Computer Emergency Response Team (CERT-In) in April 2022, all entities must mandatorily report cyber incidents to CERT-In “within 6 hours of noticing such incidents or being brought to notice about such incidents.” The rules went into effect last year on June 28 for larger businesses, and September 25 for Micro, Small & Medium Enterprises (MSMEs).

STAY ON TOP OF TECH POLICY: Our daily newsletter with top stories from MediaNama and around the world, delivered to your inbox before 9 AM. Click here to sign up today!

“How many entities have reported cybersecurity incidents to CERT-In within 6 hours since the [cybersecurity] directions went into effect?” MediaNama had asked CERT-In in its RTI request filed in February.

Nearly 14 lakh cybersecurity incidents reported in total in 2022: In a separate response filed in the parliament, the IT Ministry revealed that a total of 13,91,457 cybersecurity incidents were reported to CERT-In in 2022. When compared to this staggering number, only a negligible amount of incidents appear to have been reported within 6 hours.

Why does this matter: As we highlighted when the cybersecurity directions were announced, a 6-hour window is extremely short for most entities to report cybersecurity incidents for various reasons (covered in articles shared below). It is also shorter than global standards. For these reasons, we had reported that most entities will be unable to comply with the 6-hour mandate. The number of reported incidents revealed by CERT-In confirms this to be true.

Advertisement. Scroll to continue reading.

Why a 6-hour window is unrealistic: Here’s our past coverage on the various concerns with the cybersecurity rules, including why the 6-hour window is unrealistic and needs to be changed:

  • Why India’s New Cybersecurity Directive Is A Bad Joke
  • How India Can Improve Its Cybersecurity Directions #NAMA
  • India’s Cybersecurity Directive Goes Against Security, Tech Companies Argue
  • Fact Check: Do Other Countries Have Lesser Than 6 Hours To Report Cybersecurity Incidents?
  • Global Coalition Criticises India’s Cybersecurity Directive

This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Written By

Free Reads


Vaishnaw's remarks come a day after Google removed apps belonging to Matrimony.com, Info Edge (Naukri and 99 Acres), Shaadi.com, Altt, Truly Madly, Stage, Quack...


Paytm has started distancing itself from PPBL in light of the current negative spotlight on PPBL.


The move can be seen as an attempt by Paytm to distance itself from the troubled Paytm Payments Bank, which has been significantly restricted...

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...


Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...


The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...


Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...


Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ