IRDAI asks Insurers to conduct cyber security audit

Insurance Regulatory and Development Authority of India has directed insurers to conduct security audit of their Information and Communication Technology (ICT) infrastructure.

The insurers should take `immediate steps’ for conducting the audit of their systems including Vulnerability Assessment and Penetration Tests (VAPT) through Cert-in empanelled Auditors, identify the gaps and ensure that audit findings are rectified swiftly,” it said in a communication.

They should also firm-up their Cyber Crisis Management Plan (CCMP) for handling Cyber incidents more effectively, the regulator said.

The directive on Cyber security audit has come in the wake of some deficiencies. “Many of the insurers still have not finalised their gap analysis report, Cyber crisis management plan and board approved information and Cyber security policy,” it observed.