Listen to this article
IRDAI has asked insurance companies and insurance intermediaries like brokers, corporate agents, insurance marketing firms and web aggregators to report cyber incidence to IRDAI and Cert-In within 24 hours of the incident.
This timeline has been extended from 6 hours to 24 hours because of non-compliance. IRDAI said, “It is observed that the Regulatory Entities are not adhering to the timelines and also not keeping the Authority in loop in their communications to CertIn.”
Further, IRDAI has asked insurers and intermediaries to keep updating the progress of incidents every 24 hours.
Agents have been exempted from following cyber security guidelines since they use platforms offered by insurers to distribute policies digitally.