In the wake of the recent data breach involving the banking system, insurance regulator Irdai is in the process of setting up a cyber security framework to thwart any such incident in future. The Insurance Regulatory and Development Authority of India (Irdai) said it will be a comprehensive framework for the sector. The watchdog will also put in place an appropriate mechanism to mitigate these risks.
“In this connection, it has been decided to form two separate working groups for life and non-life sectors (including health) comprising CIOs of insurers to discuss and decide on the issues related to cyber security,” it said in a circular.
In the latest cyber security breach, the Indian banking system was hit by the debit card fraud in which some 32 lakh cards are reported to have been affected. The guidelines for the Irdai framework on cyber security are expected to be issued by March 2017.
The broad contours of working groups include putting forth recommendations to mitigate present internal and external threats to insurers and bolstering the IT backbone, enhancing measures to prevent cyber fraud and improve business continuity and disaster recovery, and assessing the impact of legal risks arising out of cyber laws.
Irdai has asked the working groups to submit their reports by the end of January 2017. Based on the report, an exposure draft will be released for comments from stakeholders, it added.