Mudra Compass

In the fiscal year 2024–25, India’s insurance sector faced an unprecedented surge in cyberattacks, marking it as one of the most targeted financial segments in the country. With rapid digitisation across underwriting, claims processing, KYC, and customer servicing, insurers have become prime targets for cybercriminals. The sudden rise in cybercrime has alarmed regulators, customers, and whistle blowers alike.

As India marches toward becoming the world’s sixth-largest insurance market, the sector’s cybersecurity posture remains under intense scrutiny. This article explores the scale of cyberattacks in FY25, the regulatory and institutional response, and what insiders are witnessing behind the scenes—urging swift corrective action.

1. A Daily Cyber Siege

According to industry reports, Indian insurance firms blocked over 1.6 million attacks every day in January this year. This staggering frequency underscores the relentless probing of vulnerabilities—through DDoS assaults, botnets targeting APIs, and credential-stealing campaigns.

These are not minor incidents. Insurers house highly sensitive data—policyholder identities, health histories, financial records, and more. Any breach not only threatens personal privacy but poses broader financial and reputational risks.

2. Regulatory Wake-Up Call

In March 2025, the Insurance Regulatory and Development Authority of India (IRDAI) introduced new cyber and information security guidelines. Key directives include:

• Mandatory reporting of cyber incidents to IRDAI and CERT‑In within six hours.
• Robust ICT monitoring: Log data retention for 180 days and accurate timestamping.
• Cyber-crisis preparedness plans, backed by forensic experts.
• Board-level oversight to ensure accountability.

This framework marks a shift from reactive incident response to proactive resilience, aligning the insurance sector with RBI guidelines for banks and NBFCs.

3. Threat Landscape: From Phishing to Deepfakes

Cybercriminals are upping their game. Driven by AI, they now deploy voice clones, deepfake videos, and sophisticated chatbots to impersonate trusted personnel and lure victims. Traditional threats—like phishing, stolen credentials, and ransomware—remain rampant.

One recent case: a senior citizen in Mumbai was scammed of ₹2.36 crore by impersonators posing as IRDAI officials—a stark demonstration of social engineering’s potency.

4. The Rising Tide of Cyber Insurance

With threats mounting, India’s cyber insurance market is booming. Annual premiums are rising rapidly, with renewal rates nearing 100% in sectors like BFSI. Products such as HDFC Ergo’s “Cyber Sachet” plan are now accessible for as little as ₹3 per day.

However, cyber insurance remains emergent. The IRDAI’s working group notes that policies often vary in coverage, terms, and exclusions. As breaches escalate, more customised, SME-appropriate plans will be critical.

5. Insider Warnings: Compliance Gaps and Hidden Risks

Internal whistle blowers across insurers flag a consistent trend: basic cyber hygiene often falters in the rush to digitise. In many firms, third-party integrations are hastily deployed without adequate vetting. Robust API security protocols and access control mechanisms are frequently overlooked.

Most senior managers acknowledge cybersecurity just before audits or board meetings—not throughout the year. Off-the-record, CISOs reveal that staff training remains superficial, remediation plans are weakly tested, and forensic capacity is under‑resourced.

6. Building a Resilient Ecosystem

Closing the cyber resilience gap requires coordinated action:

• Regular red‑team exercises and breach simulations to test response readiness.
• Employee training focused on identifying deepfake callers or malicious links.
• Secure development practices, ensuring vendors conform to patch management and data encryption protocols.
• Mentored SOCs and stronger incident response playbooks.
• Stronger disclosures via board oversight and transparent whistle blower channels.

Such measures shift cybersecurity from compliance checklist to culture and capability.

Conclusion

FY25 exposed the insurance sector’s deep-seated cyber vulnerabilities. Yet it also catalysed sweeping reforms—from IRDAI’s guidelines and CERT‑In mandates to the rise of cyber insurance products. But these reforms must be matched by ground-level buy-in, investment and institutional change.

For whistle blowers, CISOs, and industry insiders, the message is clear: we can’t securitize half measures. This cyber onslaught demands urgent prioritisation—not just in technology, but in governance, culture, and consequences.

India’s insurance sector stands at an inflection point. It must rapidly evolve from a data-processing engine to cyber-resilient guardian. The safety of millions—financially and personally—depends on it.