IRDAI Tightens Cybersecurity Norms: 6-Hour Reporting Rule for Insurers and Intermediaries

Written by: Team Angel One
Updated on: Apr 1, 2025, 3:10 PM IST
IRDAI now requires insurers and intermediaries to report cyber incidents to both IRDAI and CERT-In within 6 hours, tightening its earlier 24-hour rule.

In a move aimed at bolstering cybersecurity across the insurance sector, the Insurance Regulatory and Development Authority of India (IRDAI) has issued a directive requiring all insurers and intermediaries to report cyber incidents within 6 hours of detection. This significantly shortens the previous 24-hour reporting window and brings the insurance industry in line with global best practices.

New Compliance Timeline: 6-Hour Cyber Incident Reporting

As per the updated guideline, insurance companies and all licensed intermediaries—such as brokers, corporate agents, insurance marketing firms, and web aggregators—must notify both IRDAI and the Indian Computer Emergency Response Team (CERT-In) within 6 hours of any cyber incident. This accelerated timeframe is intended to ensure quicker containment and response to potential threats.

Enhanced Monitoring and Infrastructure Requirements

The new regulation also mandates continuous vigilance over all Information and Communication Technology (ICT) systems. Insurers are required to maintain and monitor all ICT infrastructure and application logs for a rolling period of 180 days. This move is expected to strengthen audit trails and facilitate more effective forensic investigations in the event of cyber incidents.

Key Requirements Under the New Cybersecurity Framework

IRDAI’s directive outlines several critical measures that insurers and intermediaries must comply with:

  • Time-Synchronised Systems: All ICT systems must align with the official Network Time Protocol (NTP) of India to ensure consistency in event logging and forensic analysis.

  • Cyber Crisis Preparedness: Insurers are now obligated to maintain a Cyber Crisis Management Plan, enabling swift action in case of a cyber attack or data breach.

  • Certified Investigators Only: In the event of a serious cyber issue, investigations must be conducted solely by CERT-In-certified experts to ensure credibility and adherence to standard protocols.

  • Strict Adherence to CERT-In Guidelines: Insurers must fully comply with the cybersecurity guidelines laid out by CERT-In to maintain uniformity in protection and response standards.

  • Avoiding Conflicts of Interest: Companies involved in identifying cyber risks must not be the same as those conducting the investigation. This separation of duties ensures objectivity and transparency.

  • Mandatory Board-Level Oversight: All entities—insurers and intermediaries—must report their compliance status to their respective Boards of Directors and submit the meeting minutes to IRDAI as evidence of adherence.

Strengthening Cyber Resilience in the Insurance Sector

The IRDAI’s updated directive highlights the growing importance of cybersecurity in financial services. With the increasing digitisation of insurance services and sensitive data being handled across digital platforms, this move is a proactive step toward reducing systemic vulnerabilities.

Although these new measures may increase compliance costs and operational overheads, they are expected to enhance the overall cyber resilience of the insurance ecosystem, protecting both insurers and policyholders from potential data breaches and cyber threats.

Disclaimer: This blog has been written exclusively for educational purposes. The securities mentioned are only examples and not recommendations. This does not constitute a personal recommendation/investment advice. It does not aim to influence any individual or entity to make investment decisions. Recipients should conduct their own research and assessments to form an independent opinion about investment decisions. 

Investments in the securities market are subject to market risks, read all the related documents carefully before investing.

Published on: Apr 1, 2025, 3:10 PM IST

Team Angel One

Team Angel One is a group of experienced financial writers that deliver insightful articles on the stock market, IPO, economy, personal finance, commodities and related categories.
