The regulator had brought out guidelines in April 2017 on Information and Cyber Security for insurers
The Insurance Regulatory and Development Authority of India (IRDAI) has given insurers time till October 17 to give details about their plan of action on the cyber security front. The regulator said that many insurers have not yet finalised the gap analysis report, cyber crisis management plan and cyber security policy.
The regulator had brought out guidelines in April 2017 on information and cyber security for insurers. IRDAI said that ensuring that the information and computer technology (ICT) infrastructure of insurers is fully secured is of paramount importance.
“Any vulnerabilities to ICT may result in a compromise on confidentiality of policyholder related information and exposure to sensitive information of the insurance sector and the financial markets in general,” said IRDAI.
It added that this would have serious repercussions not only for the insurance sector but for the financial system of the country as a whole.
Therefore, insurers have been advised to take immediate steps to conduct a security audit of their ICT infrastructure, including vulnerability assessment and penetration tests (VAPT), through CERT-In empanelled auditors, identify the gaps and ensure that audit findings are rectified swiftly. Insurers have also been asked to firm up their cyber crisis management plan (CCMP) for handling cyber incidents more effectively. Also, IRDAI said that where recently registered entities have not yet appointed chief information security officers (CISOs), they are advised to ensure that the appointments are made immediately.