Protecting Sensitive Data: All You Need To Know About IRDAI’s Latest Guidelines for Cybersecurity in Insurance

IRDAI Issues Guidelines to Strengthen Cybersecurity in Insurance Industry

NEW DELHI: The Insurance Regulatory and Development Authority of India (IRDAI) has issued revised guidelines to enhance the cybersecurity practices of insurers and intermediaries. The guidelines aim to strengthen the industry’s defenses against cyber threats and improve its governance mechanisms.

The new guidelines, called “IRDAI Information and Cyber Security Guidelines, 2023,” aim to improve the protection of policyholders’ data, enhance cybersecurity, and strengthen the overall risk management framework of insurance companies.

The insurance industry has been rapidly adopting digital technologies to enhance customer experience and streamline operations. However, this has also led to an increase in cyber attacks, which have compromised sensitive data and caused significant financial losses to companies and their clients.

The initial guidelines covering information and cybersecurity practices for insurers were issued in 2017. In 2022, the guidelines were extended to all insurance intermediaries, including brokers, corporate agents, web aggregators, third-party administrators (TPAs), insurance marketing firms (IMFs), insurance repositories, insurance self-network platforms (ISNPs), corporate surveyors, motor insurance service providers (MISPs), common service centres (CSCs), and the Insurance Information Bureau of India (IIB).

The revised guidelines require insurers and intermediaries to take necessary measures to secure their systems and data against cyber threats. These include the implementation of appropriate security controls, incident response plans, and regular security audits. The guidelines emphasize the importance of adopting a risk-based approach to information and cyber security.

One guideline specifies that third-party entities should have view-only access to an insurer’s internal systems: they may view products, proposals, documents, data, and reports, but should not be able to upload or edit data. Another guideline indicates that entities that store an insurer’s non-public data related to policyholders, investments, and other such information should not have the right to access the insurer’s systems to edit or maintain such data.

All insurers and intermediaries are required to comply with these guidelines to ensure the security and confidentiality of sensitive data and protect against potential cyber threats. Entities that have already completed a security audit for FY 2022-23 must ensure compliance with these guidelines from the next financial year.

The new guidelines are expected to enhance the security and resilience of the insurance sector and protect the interests of policyholders. The guidelines are also expected to provide a framework for the insurance industry to manage and mitigate cyber risks effectively.

The implementation of these guidelines will go a long way in strengthening the information and cyber security posture of the insurance industry and enhancing trust and confidence among customers.

Key Highlights of IRDAI Information and Cyber Security Guidelines, 2023

  • IRDAI issues revised guidelines to enhance cybersecurity practices of insurers and intermediaries.
  • Guidelines aim to strengthen industry’s defenses against cyber threats and improve governance mechanisms.
  • Insurers and intermediaries required to implement appropriate security controls, incident response plans, and regular security audits.
  • Guidelines emphasize importance of adopting risk-based approach to information and cyber security.
  • Entities that have completed security audit for FY 2022-23 must ensure compliance with guidelines from next financial year.
