The insurance sector, both in India and worldwide, has long been a potential target for cyberattacks, due to the vast amount of sensitive data held by Insurers and insurance intermediaries pertaining to their prospects and policyholders, including personal and financial data. Driven by advancements in IT infrastructure over the past decade, popularisation of cloud infrastructure and internet tools, and remote work arrangements necessitated due to the COVID-19 pandemic, the insurance sector in India has also seen shiftstowards digitalisation in order to streamline their operations, increase business efficiencies and enhance the related customer experience. However, the shift is also recognised to have made the insurance sector more vulnerable to cyber
threats.
Recognizing the need to safeguard the sector from such threats and address security threats, the IRDAI as the regulatory body has also been continually issuing and updating the norms applicable
to Insurers and various stakeholders in relation to their organisation-wide information and cyber security. Prior to 2017, the norms on data protection and confidentiality applicable to Insurers[1]
and insurance intermediaries[2] were spread across various regulations and circulars issued by the IRDAI[3] . Further, Insurers were also required to store their policy and claims records in
servers/data centres located in India[4] Read more
.
