IRDAI Guidelines on Cyber Security

Introduction

Recent cyber-attacks have prompted IRDAI (Insurance Regulatory & Development Authority of India) to devise the IRDAI Cyber Security Guidelines, intended to design a system that provides the utmost security and defence against consumer data breaches. Customer data is what the insurance industry runs on, and any misuse of it poses a threat to consumers' personal data.

IRDAI requested all the 54 insurance firms in India to nominate their CIOs to take part in two working groups in order to formulate cyber-security guidelines. One was for life insurance and the other was for all other insurance, including health insurers.


IRDAI Guidelines

In January 2017, the proposals/framework designed by the two groups were presented before IRDAI, which then compiled them into cyber-security guidelines on April 7, 2017. A few of the main highlights are given below:

Third party intervention:

Both the insurers were bound by the rules. In the event that the customer's personal data is exchanged with a third party, it will be the insurers' duty to ensure appropriate security techniques are in place to maintain the integrity of the data.

Appointment of Chief Information Security Officer (CISO):

IRDAI required all insurers to designate a suitable and competent officer as CISO, who will be responsible for introducing all data protection policies and setting up the Information Management Committee (ISC).

GAP Analysis Report:

IRDAI had asked for the gap analysis report by June 30, 2017. This is a tool for evaluating the gap in the performance of existing applications/software. In general, the report provides an outline of where we are now in the race for cyber defence plans and where we need to be.

Cyber Crisis Management Plan (CCMP):

According to the circular, IRDAI requested insurers to take the appropriate measures to detect and address problems with data protection and network infrastructure in order to secure confidential information from any external or internal threat. The circular also said that insurers must ensure that their infrastructure in the area of information and computer technology (ICT) is up to date.

Action Plan

We would conclude that this is the best time for insurance firms to examine the gaps in their defence systems and current policies. A need has now been recognised for a specialised compliance unit that can collaborate with the organisation's other teams and resolve any data protection concerns on a high-priority basis.

Some security experts claim that, as part of the proposed system, the regulator needs to stress the significance of data protection and improved user authentication, and guide businesses to follow universal data standards to build a protected infrastructure.