In a move aimed at bolstering cyber security across the insurance sector, the Insurance Regulatory and Development Authority of India (IRDAI) has issued a directive requiring all insurers and intermediaries to report cyber incidents within 6 hours of detection. This significantly shortens the previous 24-hour reporting window and brings the insurance industry in line with global best practices.
As per the updated guideline, insurance companies and all licensed intermediaries—such as brokers, corporate agents, insurance marketing firms, and web aggregators—must notify both IRDAI and the Indian Computer Emergency Response Team (CERT-In) within 6 hours of any cyber incident. This accelerated timeframe is intended to ensure quicker containment and response to potential threats.
The new regulation also mandates continuous vigilance over all Information and Communication Technology (ICT) systems. Insurers are required to maintain and monitor all ICT infrastructure and application logs for a rolling period of 180 days. This move is expected to strengthen audit trails and facilitate more effective forensic investigations in the event of cyber incidents.
IRDAI’s directive outlines several critical measures that insurers and intermediaries must comply with:
The IRDAI’s updated directive highlights the growing importance of cybersecurity in financial services. With the increasing digitisation of insurance services and sensitive data being handled across digital platforms, this move is a proactive step toward reducing systemic vulnerabilities.
Although these new measures may increase compliance costs and operational overheads, they are expected to enhance the overall cyber resilience of the insurance ecosystem, protecting both insurers and policyholders from potential data breaches and cyber threats.
Disclaimer: This blog has been written exclusively for educational purposes. The securities mentioned are only examples and not recommendations. This does not constitute a personal recommendation/investment advice. It does not aim to influence any individual or entity to make investment decisions. Recipients should conduct their own research and assessments to form an independent opinion about investment decisions.
Investments in the securities market are subject to market risks, read all the related documents carefully before investing.
Published on: Apr 1, 2025, 3:10 PM IST
Team Angel One
We're Live on WhatsApp! Join our channel for market insights & updates