India's insurance sector has grown at a CAGR of 17 percent over the past two decades, reflecting substantial expansion and development. Despite the growth rate, the sector has witnessed a surge in cyber incidents in the last five years. According to a latest report published in 2025, India faced nearly 370 million malware attacks in 2024, with the banking, financial services and insurance sector among the top targets.
To enhance cybersecurity in the insurance sector, the Insurance Regulatory and Development Authority of India (IRDAI) introduced provisions in its ‘Information and Cyber Security Guidelines, 2023’ on 24 March 2025. These provisions address cyber incidents and crisis preparedness for insurance companies and intermediaries in India.
The move aims to minimise the potential damage caused by cyberthreats.
Per the new guideline, insurance companies and licensed intermediaries must notify IRDAI and the Indian Computer Emergency Response Team (CERT-In) within six hours of any cyber incident. This ensures rapid response mechanisms and mitigates financial, operational and reputational risks posed by cyberthreats.
The new regulation also mandates continuous vigilance over all Information and Communication Technology (ICT) systems. Insurers are expected to ensure end-to-end monitoring and retention of ICT and application log data for a rolling period of 180 days. This enhances cybersecurity resilience by ensuring insurers proactively detect and respond to potential threats, reducing the risks of data breaches and system vulnerabilities.
The mandate obligates insurers to have a structured response mechanism in place, enabling swift action in case of a cyberattack or data breach. This proactive approach ensures business continuity and minimal disruption in case of a cyber incident.
Opens in new window
Insurance firms must be equipped to manage cyber incidents in a responsive and regulatory-compliant manner. This encompasses both proactive and reactive measures for prevention, detection, and response to cyberthreats and vulnerabilities.
Download our latest thought paper which covers the new mandate in detail and highlights how insurers can comply with the reporting requirements and avoid any regulatory scrutiny.