The cyber-attack on Central Depository Services (India) Limited (CDSL), which holds the dematerialised shares, mutual funds and other securities of retail and corporate investors, should be treated as a threat to national security itself.

By R Jagannathan

Trade and settlement activities on CDSL were impacted on Friday (18 November) after the depository reported cyber attacks on some of its internal machines.

As a result, brokers linked to the depository could not complete pay-in, pay-out and pledging or release of shares offered as margins in trades.

The services were restored on Sunday, and Friday’s settlement was reportedly completed on Sunday, after system checks and validations, according to the market infrastructure provider.

However, despite the relatively quick restoration of services, both market regulator Securities and Exchange Board of India (SEBI), and the Computer Emergency Response Team (Cert-In), the central agency to assess cyber threats, need to study the breaches with a fine toothcomb and ensure that no further breaches are ever possible.

There are three reasons why the CDSL breaches are more than just a limited threat to customer data or security.

First, the CDSL, along with the bigger National Securities Depository Limited (NSDL), is one of the prime repositories of national wealth.

Between them they hold, in dematerialised form, records of assets worth more than Rs 320 trillion (over Rs 320 lakh crore), a figure much higher than the GDP (gross domestic product) of India.

The last budget had projected a GDP of Rs 258 lakh crore, which will surely be higher due to the impact of higher inflation. Concerns will rise in the markets and among investors if their dematerialised assets are seen to be under threat or even immobilised for some days. It is a problem we simply cannot afford.

Second, CDSL is the smaller depository of the two, with assets worth nearly Rs 4 lakh crore (against Rs 320 lakh crore for NSDL), but CDSL is much larger in terms of the number of retail investors it has fiduciary responsibilities to – 75 million demat accounts against NSDL’s 30 million, according to a story in Business Standard.

So, any problem at CDSL will have as big an impact as in NSDL, given the number of investors involved.

Third, even if the problem is isolated in some accounts and in one part of one depository, there will be an impact on the other depository as well, as sales by one investor with a demat account in CDSL may, through the netting process, impact receipts at the other depository too.

So, no, the problem cannot be easily isolated if it is big enough. It will have systemic impact, and not just restricted to depositories. It will impact markets, brokers, share and bond prices, and investor confidence.

Consider the potential damage if a small breach, through the spread on fake news on social media, is escalated into something big by our enemies during a period of war or conflict?

Simple takeout: the CDSL breach should be a warning sign that no breach is too small to be investigated deeply and measures taken to make systems triply fail-safe. An audit is required not only at CDSL, but NSDL too.

Any cyber attack on a depository is an attack on national wealth, national security.

This article first appeared in and it belongs to them.