New Delhi | The rapid expansion of artificial intelligence has created a new and more complex cybersecurity challenge for the insurance sector. Security frameworks developed over years to counter traditional threats such as phishing, ransomware, and data leaks are now showing signs of strain against AI-driven fraud and advanced cyberattacks. In response, the Insurance Regulatory and Development Authority of India IRDAI has asked insurance companies across the country to submit a detailed report on their cybersecurity preparedness.
According to sources, IRDAI has issued an advisory email directing insurers to assess AI-related cyber risks, identify vulnerabilities, and evaluate their response capabilities. Companies have been asked to submit the report by May 22. The move is being seen as a “proactive supervision” strategy aimed at assessing emerging threats before they escalate into large-scale crises.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
Experts believe that many insurance companies are still relying on legacy security models, even as AI is fundamentally reshaping risk structures. The growing use of AI in underwriting, claims processing, and customer service has improved efficiency but has also significantly increased exposure to sensitive data and system vulnerabilities.
Industry specialists warn that the threat is no longer limited to hacking or data theft. AI-generated fake claims, synthetic identities, and advanced document manipulation are emerging rapidly. Medical reports, vehicle damage images, and identity documents are now being altered using AI tools, making it increasingly difficult for insurers to distinguish between genuine and fraudulent claims.
In recent years, several major data breaches have further intensified concerns. A large-scale data leak involving Star Health Insurance exposed the personal information of millions of customers, sending shockwaves across the sector. Other cyberattacks on insurance companies have also highlighted weaknesses in existing systems.
The insurance industry handles vast amounts of digital data, including sensitive information of hundreds of millions of policyholders. Health insurance, the largest segment, alone covers a massive customer base, making the potential impact of AI-driven cyberattacks extremely wide-ranging and severe.
Experts also note that while current cybersecurity guidelines are structurally strong, they do not explicitly address AI-specific risks such as model bias, adversarial attacks, or vulnerabilities in automated decision-making systems. This has created a significant regulatory gap.
Cybersecurity and legal experts argue that AI is also making attackers more efficient and precise. Cybercriminals can now identify system vulnerabilities within hours and exploit them at a speed that previously took weeks or even months.
Meanwhile, insurance companies are being forced to strengthen their IT infrastructure, third-party vendor risk management, and data governance frameworks. The regulator’s move is widely seen as an early signal that AI-specific cybersecurity standards may soon become mandatory.
Industry observers suggest that this exercise is not merely a compliance requirement but could form the foundation for a future AI regulatory framework. As the insurance sector becomes increasingly digital and AI-driven, the nature of risk is evolving rapidly, making it essential for security systems to adapt accordingly.
