Insurance regulator issues caution to companies for not meeting deadline in reporting cyber incidents
On Wednesday, the Insurance Regulatory and Development Authority of India (IRDAI) expressed concern over insurance companies failing to adhere to the required six-hour timeline for reporting cyber incidents.
According to a circular issued by the IRDAI, it has been observed that many regulated entities are not meeting the specified timelines and are also neglecting to keep the authority informed in their communications with the Indian Computer Emergency Response Team (CERT-In), the government’s nodal agency for handling cybersecurity threats. In light of this, all regulated entities have been directed to strictly comply with the provisions regarding incident reporting to both the IRDAI and CERT-In.
The IRDAI also emphasized the need to update the reporting format, ensuring that information obtained from forensic analysis is shared within 24 hours of its availability.
Earlier this year, on April 24, 2023, the IRDAI introduced the Information and Cyber Security Guidelines, 2023. These guidelines stated that insurance companies must report any cyber incidents to CERT-In within six hours of their discovery, while also providing a copy of the report to the IRDAI and other relevant authorities.
According to reports, Indian insurance firms face a staggering number of cyber-attacks daily, with over 1.6 million attempts being blocked in January alone.
Disclaimer: Prre.site is not liable for any damages arising from the use of this website or its content.