Many insurers have failed to implement information and cyber security measures, six months after the industry regulator, the IRDAI, issued guidelines on the matter.
“From the feedback/updates received from insurers, it is observed that many of the insurers still have not finalised their Gap Analysis report, Cyber Crisis Management Plan and board approved Information & Cyber Security Policy,” said the IRDAI in a statement.
The regulator said: “Insurers are advised to take immediate steps to conduct a security audit of their ICT infrastructures including Vulnerability Assessment and Penetration Tests (VAPT) through Cert-in empanelled auditors, identify the gaps and ensure that audit findings are rectified swiftly.”
Insurers are also asked to firm up their Cyber Crisis Management Plan (CCMP) for handling cyber incidents more effectively.
The IRDAI also advised insurers which have not complied with the timelines given in the April 2017 guidelines to scale up their activities to comply with them.
The regulator said that any vulnerabilities in ICT systems might compromise policyholder-related information and result in exposure of sensitive information of the insurance sector and the financial markets.
“This would have serious repercussions not only for the insurance sector but for the financial system of the country as a whole,” it added.