Evolving Cyber Security Regulations
Cyber Security is one of the most important areas for Insurance Companies and other Financial institutions because of the changing threat landscape that the Global community is observing today. Insurers must maintain a state-of-the-art Security Posture to protect the highly sensitive financial information, Personally Identifiable Information and health information that consumers provide as part of the underwriting and claims processes.
In India, the Insurance Regulatory and Development Authority of India (IRDAI) is the statutory body set up to protect policy holders’ confidential information, including their Personally Identifiable Information and Protected Health Information.
By adopting and exercising Cyber Security best practices and optimizing their Security Posture, Insurance Companies can not only meet the compliance requirements defined by Regulatory Guidelines but also be equipped to absorb new requirements as Regulations evolve, as has happened in the past.
Organizations should start practicing a Zero Trust Security culture when sharing confidential information such as Customers’ Personally Identifiable Information and Protected Health Information with external parties in the course of Business as usual, so that they are ready for the upcoming DPDPA 2023 in India.
Cyber Security Framework
A Cyber Security framework is a set of guidelines that outlines the standards, processes and procedures an Insurance Organization must follow to assess, monitor and mitigate Cyber Security risk, and to stay in line with the Compliance and Legal requirements of the Law of the Land.
Adopting a Cyber Security framework serves the following critical objectives of the Organization:
- To Improve the Critical Infrastructure Cyber Security posture for managing the Cyber risk
- Enabling a continuous monitoring and governance process that identifies gaps, so that the Organization can implement the right controls to mitigate Cyber Security risks
- Compliance with the Cyber Security Regulations and Guidelines laid down by the Regulator
- Recognizing Cyber Security as a key component of Enterprise Risk Management, alongside the Financial, Operational and Reputational risks of the Organization
- Evaluating Third Party Risk Management to assess Supply Chain Risk in the course of Business as usual operations
The most popular Cyber Security frameworks adopted by Organizations across the globe are the following:
- NIST
- ISO 27001:2022
- ISO 27002:2022
- ISO 22301:2019
- SOC 2
- HIPAA
- GDPR
DPDPA 2023, the most awaited of these, is on its way and will be rolled out in India very soon.