In a recent press conference, the Insurance Regulatory and Development Authority of India (IRDAI) expressed its plans to develop a comprehensive guideline of cyber security by March 2017. It has already initiated a process of evolving a cyber security framework with several insurance companies.
The decision comes in the backdrop of recent cyber attacks, particularly in the banking sector which compromised the confidential data of more than 32 lakh debit cards. The IRDAI will form separate working groups for both life and non-life including the health sector. They will comprise of CIOs of insurance companies who will consider cyber-security related issues.
These groups will provide recommendations to develop a broad cyber security framework, which in turn will help insurers in mitigating their internal and external risks. They will focus on a combination of preventive and detective mechanisms to provide protective measures against cyber fraud and means to improve business continuity along with disaster recovery.
The working groups will submit their report by January 2017, following which the IRDAI will come up with an exposure draft. The IRDAI has also asked the insurers to submit a desirable plan of action to meet cyber security threat related challenges. The action plan will focus on major cyber security issues like phishing, hacking, sniffing, snooping, service denial etc.