Policy

Irdai forms panel to review security guidelines to deal with cyber-attacks

PTI New Delhi | Updated on February 25, 2021

The economic situation owing to the pandemic has seen an exponential increase in cyber-attacks across the globe and in particular, the financial sector

Insurance sector regulator Irdai on Wednesday said it has formed a committee to review its information and security guidelines due to exponential increase in cyber-attacks across the globe in the wake of Covid-19.

The economic situation owing to the pandemic has seen an exponential increase in cyber-attacks across the globe and in particular, the financial sector. This situation has necessitated regulators to re-look into their Cyber Security Guidelines applicable to all regulated entities in an effort to protect the financial systems, Irdai said in an order.

The Insurance Regulatory and Development Authority of India (Irdai) had issued guidelines on cyber security in April 2017 as a part of its governance mechanism.

An Information Security Commission (ISC), board-approved information and cyber security policy, appointment of chief information security officer and cyber crisis management plan are part of its mandate.

The guidelines also mandate that the insurers’ risk management committee should be responsible for an annual comprehensive assurance audit including conducting of Vulnerability Assessment & Penetration Test (VA&PT) and should report the findings to the Authority.

Also read: Startup funding: Bring amendments to IRDAI to explore institutional support by insurance cos, says Mohandas Pai

“In the light of cyber attacks which the financial sector has been witnessing and in the process of having a structured reporting to analyse the issues to be addressed in a holistic manner at the industry level, it is considered necessary to review IRDAI’s Information & Cyber security Guidelines,” it said in its order.

The review will encompass to understand if there is a need to extend the guidelines for insurers to other entities which are regulated by Irdai, with or without modification.

It will also see how to apply these guidelines to entities which access insurers’ IT systems and how to ascertain minimum security standards are followed by those who access insurers’ IT systems but are not regulated by Irdai.

Also read: IRDAI working group for introduction of index-linked insurance products

Among others, it will see if the guidelines need to be updated to cover cyber security issues of fintech solutions, mobile-based applications, work from remote location and cloud sourcing, among others.

The 14 member committee is to be headed by Institute for Development and Research in Banking Technology (IDRBT) Chairman Janakiram.

Other members of the committee include professionals from insurance companies, Irdai, Data Security Council of India, IISc, IIT Mumbai and ICAI.

A R Nithiyanantham, CGM-IT, Irdai shall be member convenor of the working group. The Committee shall submit its report in two months, Irdai said.

Published on February 25, 2021

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like