As the country’s largest stock exchange processes billions of trading messages every day, cybersecurity has become as critical to the National Stock Exchange (NSE) as its trading engines and clearing systems. The exchange’s Draft Red Herring Prospectus (DRHP) offers a detailed look at the technology and security architecture that protects one of the country’s most important pieces of financial infrastructure.
NSE is no ordinary technology platform. According to the DRHP, the exchange processes an average of 12 billion to 14 billion messages daily and has the capacity to handle nearly five million messages per second. Such scale makes it a potential target for cyberattacks, data breaches and operational disruptions.
Recognising this risk, NSE has been designated as a Critical Information Infrastructure (CII) entity by the National Critical Information Infrastructure Protection Centre. The exchange says it continuously monitors and identifies suspicious cybersecurity activities to enable quick detection and response to potential threats. Significantly, NSE reported zero data breach incidents during FY24, FY25 and FY26.
The DRHP highlights a multilayered defence strategy. Administrative access to servers is controlled through privileged access management systems, while multi-factor authentication is enforced for sensitive access. The exchange has also implemented data encryption technologies to protect confidential information related to trading and clearing members. Its security architecture includes intrusion prevention systems, email security gateways, two tier firewalls, distributed denial of service protection, web application firewalls and malware containment systems.
Resilience extends beyond cybersecurity. NSE operates a primary data centre in Mumbai, a fully mirrored disaster recovery facility in Chennai and a near data centre that replicates data in real time. The exchange conducts full live operations from its disaster recovery site twice a year and regularly performs mock drills to ensure business continuity.
The scale of threats is also evolving. The DRHP notes that NSE’s website faced approximately 395 million hits in just 11 minutes during a DDoS attack in May 2025, although the incident did not materially affect operations. The filing also warns that AI-powered cyberattacks, deepfake-enabled impersonation and sophisticated social engineering techniques could increase future risks.
“We have been designated as a CII by the NCIIPC. We have engineered an agile, robust and resilient infrastructure with continuous investments in technology upgrades and security enhancements to ensure seamless operation of our exchange platform. Our systems operate with combination of fault-tolerant servers (with inbuilt redundancy) and commodity servers, and we maintain a 4:1 ratio for critical telecom links for persistent connectivity. We also have a strong cybersecurity track record and no data breaches of our operations in Fiscals 2026, 2025, and 2024,” NSE said in the DRHP.
As investors focus on NSE’s IPO, the DRHP reveals another reality: behind every trade executed on Dalal Street lies a complex cybersecurity apparatus designed to safeguard India’s financial nerve centre.
