The Insurance Regulatory and Development Authority of India (IRDAI) has directed insurers to conduct security audit of their Information and Communication Technology (ICT) infrastructure.
The insurers should take `immediate steps’ for conducting the audit of their systems including Vulnerability Assessment and Penetration Tests (VAPT) through Cert-in empanelled Auditors, identify the gaps and ensure that audit findings are rectified swiftly,’’ it said in a communication.
They should also firm-up their Cyber Crisis Management Plan (CCMP) for handling Cyber incidents more effectively, the regulator said.
The directive on Cyber security audit has come in the wake of some deficiencies. ``Many of the insurers still have not finalised their gap analysis report, Cyber crisis management plan and board approved information and Cyber security policy,’’ it observed.
Stating that ensuring fool-proof ICT infrastructure was of `paramount’ importance it cautioned that any vulnerabilities to ICT might result in compromise on confidentiality of policyholder related information and exposure to sensitive information of the insurance sector and the financial markets in general.
``This would have serious repercussions not only for the Insurance sector but for the financial system of the country as a whole,’’ it added.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.