The Irdai is monitoring the situation with insurers, staying in touch with management for regular updates to ensure policyholders’ data is protected and threats are addressed
There have been reports of data leaks from two Insurers recently. At the outset, it is stated that the insurance regulatory development authority of India (Irdai) considers data security very important and takes data breaches, cyber-attacks on IT systems of insurance companies, etc very seriously.
Cyber security guidelines for insurance companies are in place which require insurers to put in place robust IT and cyber security frameworks for carrying out their operations.
The Irdai is closely monitoring the situation of the concerned insurers and has been in touch with their management. Regular updates are being obtained to ensure that the policyholders’ data and interests are fully protected and the company is taking all steps to arrest the threat posed by this breach.
What Does A Data Leak Mean
An insurance data leak could mean the theft of sensitive information from the records of insurance companies. They would include the policyholders' personal data, including names, addresses, Aadhar card details, financial information, medical records, and policy details.
A data leak can happen in various ways. One is through cyber attacks. In a cyber attack hackers can attack insurance companies, and exploit vulnerabilities in their systems, and get access to sensitive information. This can happen mostly if the insurance company does not have a comprehensive cybersecurity system in place.
Insurance companies also tie up with third-party operators for processing claims and customer support. If these third-party operators do not have foolproof security systems, customer data may be leaked.
Risks It Poses To Policyholders And Insurers
Such data leaks can pose significant risks to policymakers. It can lead to identity theft and financial fraud. Once criminals have access to sensitive information, they can create fake identities, file fraudulent claims, or engage in other illegal activities. Even access to information like phone numbers can mean that the policyholder can be subject to spam calls from various parties.
For insurance companies, this would mean that your reputation can take a hit, and they can face financial losses. It may also result in hefty fines and legal penalties from the regulator. This can significantly drive up litigation costs. The insurers would need to notify affected individuals about the leak of their data and also step up their cybersecurity measures.
What Insurance Companies Are Doing
Steps are being taken by insurance companies to keep policyholders' data safe and secure. Insurers have been directed to hire an independent auditor to conduct a thorough audit of their IT systems, ensuring there are no vulnerabilities and that the systems are suitable for their operational needs.
Insurers are working on upgrading their systems on an immediate basis both in the short term and the medium term. They are also addressing problems that relate to API security and vulnerability testing. The insurers have filed a criminal complaint with law enforcement against the entities responsible for the threats and issued a legal notice to a certain social media platform to stop them from selling policyholders' data. Irdai has advised all insurers to check their IT systems for any vulnerabilities and take necessary steps to protect policyholders' data.