The number of online transactions is increasing, and so are cyber threats. To mitigate these threats, IRDAI has released a comprehensive cyber security framework for insurers, in which it has proposed that insurance companies will have to pay compensation of Rs.5 crore or above to policyholders if they fail to protect data electronically.
This framework covers all four layers of security: data, applications, operating systems and network.
Justifying the need for the framework, the insurance regulator said, “Cyber security in the financial sector has gained importance, more so with the advent of technological innovations. In this connection, IRDAI has planned to come out with a comprehensive information and cyber security framework.”
Cyber security is a crucial area for insurers, as they deal with sensitive personal information of clients such as PAN numbers, bank statements, addresses and so on. The insurance regulator has proposed that insurance companies will have to carry out strict data checks periodically. Emphasis is also placed on security audits, cloud computing and mobile security.
According to the proposal, every insurer will have to form an Information Security Committee (ISC) to ensure compliance with regulatory standards. In addition, IRDAI is planning to make it mandatory for insurers to appoint a Chief Information Security Officer (CISO), who will be responsible for articulating and enforcing the policies.