Module: SEBI LODR & Corporate Governance Frameworks
Q8: Consider the following statements regarding Cyber Security Incident Reporting and Board oversight for listed entities as of late 2025:
1. Listed entities are required to report severe cyber security incidents to the stock exchanges within 24 hours of detecting the breach.
2. The Board of Directors is strictly prohibited from delegating cyber security oversight to the Risk Management Committee.
3. Entities must disclose in their annual report the details of cyber security incidents that caused a material disruption to their operations.
Which of the above statements is/are incorrect?
✅ Correct Answer: B
🎯 Quick Answer:
B. Only 2 is incorrect.
Structural Breakdown: Statement 1 is correct; alignment with CERT-In guidelines requires material breaches to be reported within 24 hours.
Statement 2 is incorrect; the Board typically assigns oversight to the Risk Management Committee.
Statement 3 is correct.
Historical/Related Context: With the rapid digitization of financial services, regulatory bodies shifted cyber security from an IT problem to a critical corporate governance issue.
Causal Reasoning: Prompt reporting prevents insider trading based on undisclosed breaches.