Cybersecurity
July 16, 2026

Understanding CERT-In Reporting Requirements for Phishing Attacks

Explore the CERT-In reporting requirements for phishing attacks, ensuring compliance for enterprises in India and beyond.

Phishing attacks continue to pose significant threats to organizations globally, including in India. With the rise in cybercrime, the Indian Computer Emergency Response Team (CERT-In) has laid down specific reporting requirements to combat phishing and other cyber threats. Understanding these requirements is crucial for compliance officers, CISOs, and risk managers in regulated sectors such as banking, healthcare, and SaaS.

What is CERT-In?

CERT-In is the national agency designated to respond to computer security incidents in India. Established in 2004, it plays a vital role in enhancing cybersecurity resilience across the country. By providing timely alerts, guidance, and incident response support, CERT-In helps organizations mitigate cyber risks effectively.

Organizations in various sectors, including banking, insurance, and manufacturing, must adhere to CERT-In's guidelines to ensure compliance and safeguard sensitive information.

Importance of Reporting Phishing Attacks

Phishing attacks involve tricking individuals into divulging sensitive information such as passwords or credit card numbers through deceptive emails or websites. Reporting these incidents is essential for several reasons:

  • Incident Response: Quick reporting allows CERT-In to respond to and mitigate active threats.

  • Data Protection: Timely reporting helps protect sensitive data and maintain customer trust.

  • Trend Analysis: Reports enable CERT-In to track phishing trends and develop better countermeasures.

  • Legal Compliance: Compliance with reporting requirements helps organizations avoid legal repercussions.

CERT-In Reporting Requirements for Phishing Attacks

Organizations must adhere to specific reporting guidelines set forth by CERT-In when they encounter phishing incidents. Here's a breakdown of the key requirements:

  • Timeline: Organizations must report phishing incidents within 6 hours of detection.

  • Format: Reports should be submitted in a predefined format, detailing the nature of the incident, affected systems, and actions taken.

  • Contact Information: Include contact details of the reporting individual or team for follow-up inquiries.

  • Incident Description: Provide a comprehensive description of the phishing attack, including methods used and potential impact.

  • Remedial Measures: Document the steps taken to contain the incident and prevent future occurrences.

Steps to Report Phishing Incidents to CERT-In

To ensure compliance with CERT-In's reporting requirements, organizations should follow these steps:

  1. Identify the Incident: Recognize phishing attempts through employee reports or automated detection tools.

  2. Assess the Impact: Determine the extent of the attack, including affected systems and data.

  3. Contain the Threat: Implement measures to mitigate the immediate threat and prevent further damage.

  4. Document the Incident: Keep detailed records of the attack, including screenshots, emails, and system logs.

  5. Prepare the Report: Compile the information as per CERT-In's format and guidelines.

  6. Submit the Report: Send the report to CERT-In via the designated channels, ensuring timely submission.

  7. Follow-Up: Be prepared for follow-up inquiries from CERT-In regarding the incident.

Comparison of CERT-In Requirements with Global Standards

While CERT-In has specific reporting requirements, global standards like the NIST Cybersecurity Framework and ISO 27001 also emphasize timely reporting of phishing incidents. Below is a comparison of key aspects:

AspectCERT-InNISTISO 27001
Reporting Timeframe6 hoursAs soon as possibleWithin a specified period
FormatPredefined formatFlexible, based on incident severityDefined in the ISMS policy
Contact InformationRequiredRecommendedRequired
Incident DescriptionComprehensive details mandatoryContext-based reportingDetailed reporting required
Remedial MeasuresDocumented actions requiredRecommended but not mandatoryRequired as part of ISMS

Challenges in Compliance

Organizations often face several challenges when it comes to complying with CERT-In's reporting requirements:

  • Lack of Awareness: Employees may not recognize phishing attempts, leading to delayed reporting.

  • Complex Incident Response: Rapidly evolving phishing techniques can complicate incident detection and response.

  • Resource Constraints: Smaller organizations may lack dedicated cybersecurity teams to manage reporting effectively.

  • Integration Issues: Organizations using multiple systems may struggle to consolidate incident data for reporting.

Best Practices for Compliance

To enhance compliance with CERT-In's reporting requirements, organizations should consider the following best practices:

  • Regular Training: Conduct frequent training sessions for employees to recognize phishing attempts.

  • Incident Response Plan: Develop and regularly update an incident response plan that incorporates CERT-In's guidelines.

  • Automation Tools: Implement automated tools for detecting and reporting phishing attacks.

  • Collaboration: Foster collaboration between IT, compliance, and legal teams to streamline reporting processes.

  • Continuous Monitoring: Establish continuous monitoring systems to detect phishing attempts proactively.

Key takeaways

  • Phishing attacks are a critical cybersecurity threat that requires timely reporting to CERT-In.

  • Organizations must report incidents within 6 hours using a predefined format.

  • Understanding the nature and impact of phishing attacks is essential for effective incident response.

  • Compliance with CERT-In reporting requirements helps protect sensitive data and maintain regulatory standing.

  • Best practices, including training and incident response planning, can enhance compliance efforts.

#cert-in
#phishing
#cybersecurity
#compliance
#reporting
#risk management

Ready to operationalize your compliance program?

ComplianceHQ unifies your regulations, controls, evidence, risks and audits — powered by AI. Start free or book a personalized demo.