The Insurance Regulatory and Development Authority of India (Irdai) had guidelines on information and cyber security for insurers in April this year.
It, however, said that from the feedback/ updates received from insurers, "it is observed" that many of them still have not finalised their gap analysis report, cyber crisis management plan and board approved information and cyber security policy.
Insurers have also been asked to firm up their Cyber Crisis Management Plan (CCMP) for handling cyber incidents more effectively.
"Any vulnerabilities to ICT may result in compromise on confidentiality of policyholder related information and exposure to sensitive information of the insurance sector and the financial markets in general," it said.
Also Read
This would have serious repercussions not only for the insurance sector but for the financial system of the country as a whole, Irdai noted.
"Therefore, insurers are advised to take immediate steps for conducting security audit for their ICT infrastructures including Vulnerability Assessment and Penetration Tests (VAPT) through Cert-in Empanelled Auditors, identify the gaps and ensure that audit findings are rectified swiftly," it said.
Disclaimer: No Business Standard Journalist was involved in creation of this content