On Wednesday, the Insurance Regulatory and Development Authority of India (Irdai) issued revised cybersecurity guidelines aimed at strengthening the framework for insurers and intermediaries. Key changes include a requirement for the Information Security Risk Management Committee (ISRMC) to meet quarterly instead of twice a year, reflecting a need for continuous oversight amid evolving cyber threats. Boards are now tasked with allocating adequate budgets for cybersecurity and must address audit findings within a year. The Chief Information Security Officer (CISO) will operate with increased independence, distinct from IT functions, and will develop incident response plans while ensuring compliance with the Indian Computer Emergency Response Team. Additionally, an IT Steering Committee will be established at the senior management level to oversee technology strategy and data protection. The guidelines also impose stricter controls on outsourcing and cloud infrastructure, requiring prior approvals for sub-outsourcing and adherence to data deletion protocols. These revisions highlight Irdai's commitment to enhancing cyber resilience in the insurance sector.