The regulator will also implement an appropriate mechanism to mitigate cyber risks. The working groups will make recommendations on cyber security in order to provide a broad framework for mitigating present internal and external threats to insurers. It will also provide recommendations for effective and comprehensive cyber security audit-related processes to provide assurance on the level of IT risks.
Further, it will also suggest scope for enhancement of measures against cyber fraud through preventive and detective mechanisms. The group will identify measures to improve business continuity and disaster recovery and also assess the impact of legal risks arising out of cyber laws.
Insurers have been asked to submit, in brief, the present status and future plan of action to meet the challenges related to cyber security. The broad areas in the action plan should relate to securing the data, application, operating system and network layers against cyber security attacks such as denial of service, phishing, hacking, man-in-the-middle, malware acts, sniffing and spoofing, among others. IRDAI will issue a comprehensive guideline on cyber security by March 2017.