IRDAI has advised all insurance companies to promptly inform cyber security related incidents, as it came to know that many insurers were not adhering to the timelines and compliance in reporting such communication with Cert-In, vide a circular dated June 13, 2023.
Insurers are required to report cyber incidents to Cert-In (Indian Computer Emergency Response Team) within 6 hours of noticing or being notified about cyber-attacks, with a copy to IRDAI and other designated regulators and authorities.
Insurers must refer and follow the IRDAI Information and Cyber Security Guidelines for reporting purposes and submit necessary details in a prescribed format within 24 hours, to be updated with forensic analysis and any new information.
This will enhance cyber security and develop a secure environment for the policyholders and insurance sector, by prompting a swift response to prevent further damage and mitigate risks. Any failure to do so could invite penalties or regulatory consequences for the insurers.