The Insurance Regulatory and Development Authority of India (IRDAI) has levied a fine of ₹3.39 crore on Star Health & Allied Insurance for failing to adhere to cybersecurity regulations. The penalty was revealed by the company in a regulatory submission to the National Stock Exchange (NSE), where it admitted shortcomings in protecting customer data and upholding cyber security measures. Star Health declared, “A penalty has been imposed regarding specific issues related to data protection and cyber security.” The insurer also mentioned that it is evaluating its legal choices, which entail the potential of contesting the IRDAI order at the Securities Appellate Tribunal (SAT). This regulatory measure comes after a cybersecurity event in late 2023, when unauthorized parties gained access to customer information. Although the breach did not interfere with the company’s activities, it sparked significant worries regarding data security measures in the insurer’s systems. IRDAI’s action indicates a more stringent regulatory approach to digital security in the insurance industry, particularly as data protection regulations become stricter with the implementation of the new Digital Personal Data Protection Act (DPDPA). The event further highlights the increasing necessity for insurers to allocate resources to strong cybersecurity practices to safeguard sensitive policyholder data and preserve trust in the digital era.
