← Back to insights
Playbook · Cyber Law
29 Jun 2026 · 4 min read
Your first two hours after a cyber incident: a playbook for regulated fintechs
Updated: 29 Jun 2026 · For: CISOs, CTOs and GCs at regulated tech companies
What changed
RBI and CERT-In now expect material cyber incidents to be triaged and reported within hours, not days. Most enforcement findings come from operational lag — unclear severity, missing logs, and late regulator intimation.
Do this week
- Assign severity tiers (P1–P4) with named owners in legal, infra, and comms
- Run a 45-minute tabletop on a npm compromise or UPI webhook leak scenario
- Confirm India-region immutable logs cover the last 180 days for crown-jewel systems
- Publish a one-page board escalation matrix with phone numbers, not email-only chains
What can wait
- Buying new SOC tooling if runbooks and ownership are still undefined
- Full cyber insurance renewal until incident roles are documented
When to call counsel
- Customer money, payment rails, or large-scale personal data is affected
- You cannot prove log integrity or chain of custody for forensic images
- A law-enforcement or regulator request arrives before internal triage completes
SB Tech Associates: We publish practical briefs — not legal memos. Verify the official notification and get advice on your specific facts before relying on this summary.
This publication is for general information only and does not constitute legal advice. Regulatory positions evolve; verify current notifications and obtain counsel before acting. © 2026 SB Tech Associates.