Take measures to fix cyber security gaps: IRDAI to insurers

Insurers have also been asked to firm up their Cyber Crisis Management Plan (CCMP) for handling cyber incidents more effectively.

PTI| Updated: Oct 13, 2017, 18:30 PM IST

New Delhi: Regulator Irdai has asked insurers to take immediate steps to identify and fix security gaps in information and computer infrastructure with a view to safeguard data and financial system from any vulnerability.

The Insurance Regulatory and Development Authority of India (Irdai) had guidelines on information and cyber security for insurers in April this year.

It, however, said that from the feedback/ updates received from insurers, "it is observed" that many of them still have not finalised their gap analysis report, cyber crisis management plan and board approved information and cyber security policy.

Insurers have also been asked to firm up their Cyber Crisis Management Plan (CCMP) for handling cyber incidents more effectively.

In a circular addressed to all insurers, the regulator said that ensuring that Information and Computer Technology (ICT) infrastructure of insurers are fully secured is of paramount importance.

"Any vulnerabilities to ICT may result in compromise on confidentiality of policyholder related information and exposure to sensitive information of the insurance sector and the financial markets in general," it said.

This would have serious repercussions not only for the insurance sector but for the financial system of the country as a whole, Irdai noted.

"Therefore, insurers are advised to take immediate steps for conducting security audit for their ICT infrastructures including Vulnerability Assessment and Penetration Tests (VAPT) through Cert-in Empanelled Auditors, identify the gaps and ensure that audit findings are rectified swiftly," it said.

It further said the recently registered insurers and re-insurers also must ensure that steps are taken for implementation of the guidelines.