Simon Sharwood reports:
India’s rules requiring local organizations to report infosec incidents within six hours of detection have been observed by a mere 15 entities.
India’s Computer Emergency Response team (CERT-In) revealed that low, low, level of compliance in response to a Right to Information (RTI) request filed by Indian tech news outlet MediaNama, which reported the news on Tuesday.
The rules requiring six-hour disclosure were announced without warning in April 2022, and justified by CERT-In as necessary to fill gaps in its understanding of the threats facing local organizations.
Read more at The Register.