← Back to insights
Playbook · Cyber Law 29 Jun 2026 · 4 min read

Your first two hours after a cyber incident: a playbook for regulated fintechs

Your first two hours after a cyber incident: a playbook for regulated fintechs

What changed

RBI and CERT-In now expect material cyber incidents to be triaged and reported within hours, not days. Most enforcement findings come from operational lag — unclear severity, missing logs, and late regulator intimation.

Do this week

  • Assign severity tiers (P1–P4) with named owners in legal, infra, and comms
  • Run a 45-minute tabletop on a npm compromise or UPI webhook leak scenario
  • Confirm India-region immutable logs cover the last 180 days for crown-jewel systems
  • Publish a one-page board escalation matrix with phone numbers, not email-only chains

What can wait

  • Buying new SOC tooling if runbooks and ownership are still undefined
  • Full cyber insurance renewal until incident roles are documented

When to call counsel

  • Customer money, payment rails, or large-scale personal data is affected
  • You cannot prove log integrity or chain of custody for forensic images
  • A law-enforcement or regulator request arrives before internal triage completes

SB Tech Associates: We publish practical briefs — not legal memos. Verify the official notification and get advice on your specific facts before relying on this summary.

Book a Cyber Law briefing →

This publication is for general information only and does not constitute legal advice. Regulatory positions evolve; verify current notifications and obtain counsel before acting. © 2026 SB Tech Associates.