Summary of this article
Irdai asks insurers to review cybersecurity systems against AI-led cyber threats
Insurance companies must submit cyber defence corrective measures by May 22
AI-driven phishing, fraud, data breaches raise cybersecurity concerns for insurers
Digital insurance operations increase risks from sophisticated automated cyberattacks
India’s insurance regulator has asked insurance companies to take a fresh look at their cybersecurity systems as concerns rise over artificial intelligence-led cyber threats in the financial sector.
The Insurance Regulatory and Development Authority of India (Irdai) has reportedly told insurers to review their existing cyber defence mechanisms and submit details of corrective measures by May 22. The direction comes at a time when financial institutions are facing growing risks from technology-enabled frauds, sophisticated phishing attacks, and data breaches.
People familiar with the matter said the regulator wants insurers to assess whether their current systems are strong enough to tackle newer forms of cyberattacks that use artificial intelligence and automation tools, according to a recent NDTV Profit article.
1 May 2026
Get the latest issue of Outlook Money
Over the past few years, insurance companies have rapidly shifted towards digital operations. Policy purchases, renewals, premium payments, claims processing, customer onboarding, and even underwriting have increasingly moved online. As a result, insurers today handle huge amounts of personal and financial information digitally.
Industry observers say this has also made insurance companies more exposed to cyber risks.
Regulator Concerned About Older Systems
According to industry experts, many insurers still depend partly on older technology frameworks that may not have been built to deal with advanced AI-led attacks.
Traditional cybersecurity systems are generally designed to identify known patterns of suspicious activity. But experts say artificial intelligence has changed the nature of cybercrime. Fraudsters can now create more convincing fake emails, imitate customer communication styles, generate fabricated documents, and automate fraud attempts on a much larger scale.
Such attacks are often harder to detect because they can closely resemble genuine customer behaviour.
Experts also point out that insurance companies are connected to multiple external service providers, including hospitals, payment gateways, cloud storage firms, and third-party administrators. Weaknesses in any linked system can potentially create vulnerabilities for insurers as well.
The regulator’s latest communication is being seen as an attempt to ensure that insurance companies do not treat cybersecurity as only a compliance exercise.
Digital Insurance Ecosystem Expanding Rapidly
India’s insurance sector has seen aggressive digital expansion after the pandemic. Customers now expect faster policy issuance, instant renewals, app-based servicing, and quicker claim settlement processes.
To keep up with rising customer demand for faster services, many insurers have brought more technology into everyday operations, from policy approvals and claim settlement to customer support and risk assessment.
Industry experts say the wider use of digital systems has also created more areas that hackers and fraudsters may try to exploit.
Technology specialists say AI-based cyberattacks are capable of identifying system weaknesses quickly and carrying out large-scale automated intrusion attempts. In several cases globally, financial institutions have already faced attacks involving synthetic identities, AI-generated phishing campaigns, and sophisticated social engineering methods.
This has forced regulators worldwide to sharpen their focus on cybersecurity preparedness in the financial sector.
More Oversight Likely Ahead
The regulator’s May 22 deadline suggests that insurers are expected to respond quickly.
Industry experts believe insurance companies may now need to step up investments in cybersecurity monitoring systems, vulnerability testing, employee training, and vendor risk assessments.
Some experts also expect tighter regulatory guidelines around data security and artificial intelligence governance in the insurance sector over the coming months.
The broader concern for regulators appears to be that as insurers become more technology-driven, cyber risks are also evolving rapidly.
For insurance companies, the challenge now is no longer limited to expanding digital services. The bigger task may be ensuring that customer data and financial systems remain protected as cyber threats become increasingly sophisticated.
FAQs
1. Why has Irdai asked insurers to review their cybersecurity systems now?
The regulator is concerned that AI-led cyberattacks are becoming more advanced and harder to detect. As insurers increasingly depend on digital platforms, protecting customer data and financial systems has become more critical.
2. What kind of cyber threats are insurance companies facing today?
Experts say insurers are now exposed to AI-generated phishing attacks, fake customer identities, automated fraud attempts, and data breaches that can closely imitate genuine customer behaviour.
3. How could stronger cybersecurity measures affect policyholders?
Customers may see tighter verification checks, safer digital transactions, and stronger protection of personal and financial information as insurers strengthen their cyber defence systems.
