Professional Documents
Culture Documents
CYBER SECURITY
GUIDELINES AND PENALTIES
2023-2024
www.securze.com
info@securze.com
The Insurance Regulatory and Development Authority of India (IRDA) had issued
guidelines on cybersecurity for insurance companies in India.
Digital Growth and Cyber Threats: As more and more digital technology is
being used in the insurance industry, the risk of cyberattacks is increasing.
These guidelines are being issued to help insurance companies defend
themselves better against these new cyber threats.
Who Should Follow the Guidelines: These guidelines apply to all types of
insurance companies, including various intermediaries like Brokers, Agents,
Insurance Repositories, Corporate Surveyors, Information Bureau, Web
Aggregators, Insurance Self Networking Platform.
www.securze.com
IRDA INFORMATION AND CYBER SECURITY
GUIDELINES AND PENALTIES 2023-2024
03
PROCEDURE OF CONDUCTING
VAPT DIRECTED BY IRDA
VA&PT of the entire ICT infrastructure components should be conducted
annually in every financial year.
Every VA&PT shall have two test cycles, one at the beginning of VA&PT for
identification of gaps and to check for known vulnerabilities, and a retesting
post closure of vulnerabilities identified.
The Cycle of the above security testing should be aligned with Annual
assurance audit.
Finally, you need to send the Security Certificate provided by your VAPT
Vendor to IRDA before the year end.
www.securze.com
IRDA INFORMATION AND CYBER SECURITY
GUIDELINES AND PENALTIES 2023-2024
04
Imprisonment up to 3 years
If you are Hacked Fine up to 2 Lakh Rupees 65
Or Both
Imprisonment up to 3 years
Offences related to
Fine up to 5 Lakh Rupees 66
Computer
Or Both
If you Dishonestly
Imprisonment up to 3 years
Receiving Stolen
Fine up to 1 Lakh Rupees 66B
Computer
Or Both
Resources
Imprisonment up to 3 years
Identity Theft Fine up to 1 Lakh Rupees 66C
Or Both
Preservation and
Retention of Imprisonment up to 3 years
67C
information Variable Monetary Fine
by intermediaries
www.securze.com
IRDA INFORMATION AND CYBER SECURITY
GUIDELINES AND PENALTIES 2023-2024
05
Representing wrong
Imprisonment up to 2 years
material fact with
Fine up to 1 Lakh Rupees 71
Controller or the
Or Both
Certifying Authority
Imprisonment up to 2 years
Privacy Breach Fine up to 1 Lakh Rupees 72
Or Both
Imprisonment up to 2 years
Publication for
Fine up to 1 Lakh Rupees 74
fraudulent purpose
Or Both
Imprisonment up to 3 years
Punishment for
Fine up to 2 Lakh Rupees 66E
violation of privacy
Or Both
www.securze.com
IRDA INFORMATION AND CYBER SECURITY
GUIDELINES AND PENALTIES 2023-2024
06
Beyond the abundance of sensitive data like credit card details, banking
information, and personal customer data, the surge in vulnerabilities is a
key driver of attacks on Indian insurance firms.
www.securze.com
For business inquiries,
contact us.
www.securze.com
info@securze.com