The Insurance Regulatory and Development Authority of India (Irdai) has formed a working group to review its information and security guidelines amid the exponential increase in cyberattacks across the globe in the wake of Covid-19.

"The economic situation owing to Covid-19 pandemic has seen an exponential increase in cyber-attacks across the globe and in particular, the financial sector. This situation has necessitated Regulators to re-look into their Cyber Security Guidelines applicable to all regulated entities to protect the financial systems," Irdai said in its statement on Wednesday.

Earlier, in April 2017, the regulator had issued guidelines on cybersecurity as a part of its governance mechanism. The mandate also included the Information Security Committee (ISC), Board-approved Information & Cyber Security Policy, Appointment of Chief Information Security Officer (CISO), and Cyber Crisis management plan (CCMP).

The guidelines mandate that the insurers' Risk Management Committee should be responsible for an annual comprehensive assurance audit, including conducting a Vulnerability Assessment & Penetration Test (VA&PT), and should report the findings to IRDAI.

"In the light of Cyber Attacks which the financial sector has been witnessing and in the process of having a structured reporting to analyse the issues to be addressed holistically at the Industry level, it is considered necessary to review IRDAI’s Information & Cybersecurity Guidelines," as per the Irdai order.

The committee will review whether to extend the applicability of the guidelines for insurers to other entities regulated by IRDAI, with or without modification. The committee will also look at how to apply the guidelines, to the extent applicable, to entities that access insurers' IT systems, and how to ascertain that minimum security standards are followed by those entities even though they are not regulated by IRDAI.

While reviewing the guidelines, it will also consider whether to update them to cover cyber security issues in fintech solutions, mobile-based applications, work from remote locations and cloud sourcing.

The committee will also prepare a comprehensive audit checklist and certification model. It will address base-line requirements for critical information infrastructures to sync with NCSI (National Security Council of India) guidelines. It will also specifically address the applicability of guidelines for foreign re-insurance branches (FRBs) which have an interface with overseas parent companies and other global re-insurers.

The 14-member committee will be headed by Institute for Development and Research in Banking Technology (IDRBT) chairman Janakiram.

AR Nithiyanantham, CGM-IT, Irdai will be member convenor of the Working Group. The committee has to submit its report in two months.

