Date: 2016-11-01

Plans to come out with comprehensive guideline for banks by March

Insurance regulator IRDAI plans to come out with a comprehensive guideline on cyber security by March 2017.

As a first step, it is setting in motion the process of evolving a cyber security framework with insurance companies.

Its decision to have an appropriate mechanism for mitigating cyber risks comes against the backdrop of recent cyber attacks, particularly in the banking sector.

On Monday, the Insurance Regulatory and Development Authority of India said that one working group each for the life and non-life sectors, including health, is to be formed.

Comprising CIOs of insurance firms, they will deliberate and decide on the issues related to cyber security.

The working groups would come up with recommendations for a broad cyber security framework to mitigate internal and external threats to insurers; scope for enhancement of measures against cyber fraud; and measures to improve business continuity and disaster recovery.

Preventive mechanism

The focus would be on a combination of preventive and detective mechanisms. IRDAI also wants the groups to come up with suggestions for effective and comprehensive cyber security audit-related processes.

Apart from assessing the impact of legal risks arising out of cyber laws, the working groups would look at the need for specific legislation relating to data protection and privacy.

The working groups, which may form a sub-group, are required to submit the report by January.

Subsequently, IRDAI intends to come out with an exposure draft. A.R. Nithiyanantham, CGM-IT of IRDAI, would be the member and convener of the working groups.

In a communication, the regulator asked the insurers to submit, in brief, the present status and future plan of action to meet the challenges related to cyber security.

The broad areas in the action plan should relate to securing data, applications, operating systems and network layers against cyber security attacks such as denial of service, phishing, hacking, man-in-the-middle, malware acts, sniffing and spoofing, among others.