IRDAI asks insurers to run ICT security audit on priority basis

The Insurance Regulatory and Development Authority of India (IRDAI) has directed insurers to conduct security audit of their Information and Communication Technology (ICT) infrastructure.

The insurers should take `immediate steps’ for conducting the audit of their systems including Vulnerability Assessment and Penetration Tests (VAPT) through Cert-in empanelled Auditors, identify the gaps and ensure that audit findings are rectified swiftly,’’ it said in a communication.

They should also firm-up their Cyber Crisis Management Plan (CCMP) for handling Cyber incidents more effectively, the regulator said.

The directive on Cyber security audit has come in the wake of some deficiencies. ``Many of the insurers still have not finalised their gap analysis report, Cyber crisis management plan and board approved information and Cyber security policy,’’ it observed.

Stating that ensuring fool-proof ICT infrastructure was of `paramount’ importance it cautioned that any vulnerabilities to ICT might result in compromise on confidentiality of policyholder related information and exposure to sensitive information of the insurance sector and the financial markets in general.

``This would have serious repercussions not only for the Insurance sector but for the financial system of the country as a whole,’’ it added.