With Insurance Regulatory and Development Authority of India (IRDAI) recently strengthening its cybersecurity framework for insurers, intermediaries, and associated third parties, the revised guidelines place a sharper focus on continuous monitoring, faster incident reporting (within six hours), and stronger governance at the board level. The move signals a shift toward proactive cyber resilience, especially as cyber risks grow more sophisticated and interconnected.
Below is what Sunil Sharma, Managing Director & Vice President – Sales (India & SAARC), Sophos, has to say on the updated IRDAI cybersecurity guidelines.
“The updated IRDAI cybersecurity guidelines mark a welcome and much-needed shift from reactive compliance to continuous cyber resilience. It is encouraging to see the regulator taking a forward-looking stance, particularly with the mandate to report incidents within six hours. This reflects a clear push towards faster visibility and response — an area where many organizations are now accelerating investments in advanced threat detection and automation.
Equally significant is the expanded scope beyond insurers to include intermediaries and third-party networks. This acknowledges the evolving threat landscape, where attackers increasingly exploit supply chain vulnerabilities rather than targeting primary systems directly. It reinforces the need for organizations to adopt integrated security frameworks, supported by AI-driven monitoring and managed detection and response capabilities.
For the insurance sector, this goes beyond a compliance update — it signals a broader transformation in how cyber risk is approached. Organizations that proactively invest in unified visibility, rapid incident response, and strong governance at the board level will be better positioned to build resilience and trust. This is a positive step towards strengthening the overall security posture of the industry.”
— Sunil Sharma, Managing Director & Vice President – Sales (India & SAARC), Sophos
