Kathmandu. Although the information technology guideline, 2076 BS has made cyber insurance mandatory for all insurance companies, most of the insurance companies have not implemented it.
The entire insurance sector is at risk as this important provision for the protection of digital data and financial transactions is limited to paper only.
Chapter 4, Section 15 (4) of the guideline issued by the Nepal Insurance Authority clearly states, “Insurers should provide cyber insurance to minimize external and internal cyber risk and damage. This guideline was issued by the NRA on 14th Falgun 2076.
In addition, the guidance also directs insurers to adopt the following safety measures:
- to store your electronic records and data securely
- preventive, exploratory and responsive strategies to be adopted for cybersecurity
- Hardware, network and malware protection should be properly managed{
}
Even after 6 years of the implementation of the guideline, only a few insurance companies in Nepal have provided cyber insurance for their systems. It is ironic that the insurance companies that bear the risk of the common man are not serious about their digital risks.
The increasing risk of cyber-attacks, data theft and unauthorized access to IT systems can cause significant financial and reputational damage to the insurance sector at any time.
Clause 16 of the guideline states that the insurer has to test its information technology system annually and submit it to the Nepal Authority within six months. This provision confirms that the authority is receiving information annually whether the insurance company has done cyber insurance or not. Despite this, the authority has not been able to implement the provision related to compulsory cyber insurance to the insurers. Once the regulator issues the directive, it should also be concerned about its implementation or not. The authority has failed in this regard.
Apart from this, the internal auditor and the statutory auditor of the insurer have also been regularly checking whether the existing provisions have been implemented or not, but they have not shown any interest in the implementation of this issue.
Responding to a query from Insurance Khabar, Spokesperson and Managing Director of Nepal Insurance Authority Sushil Dev Subedi said that they can comment on the information technology guidance on cyber insurance only after studying.
It is necessary for the regulatory body Nepal Insurance Authority to take strict action against the insurers who do not implement the cyber insurance despite having clear provisions. If a hacker gains unauthorized access to the information technology of insurance companies, which have both capital and savings, the burden of losses incurred by the insurance companies will ultimately be placed on the heads of the public.
Such important provisions will remain only a formality until the Authority takes action against the companies that do not follow the IT guidelines.
Managing Director and Spokesperson of the Insurance Authority, Sushil Dev Subedi, said that the scheme could not be implemented effectively as none of the existing companies have been able to bring cyber insurance products. “The risk of cyber attacks is increasing at the international level in recent times, but none of the companies operating in Nepal have been able to bring cyber insurance products,” he said, adding, “If any company could bring a cyber insurance product, all the companies could participate in it.” However, it has not happened. ’
Subedi said that the authority will also seriously move forward to bring this product. “There is a need for the authority itself to come up with a special plan related to cyber insurance. ’
नेपालमै पहिलो पटक नेपाल इन्स्योरेन्सले सुरु गर्यो-‘साइबर क्राइम इन्स्योरेन्स पोलिसी’
With the approval of the Insurance Board (now Nepal Insurance Authority), Nepal Insurance Company Limited has already introduced cyber security insurance policy in 2075 BS. After the introduction of this insurance scheme, the authority has included the provision related to mandatory cyber security insurance in the guideline.
Banks, financial institutions and insurance companies have not yet provided cyber security insurance, saying that the insurance premium is expensive and not necessary in the context of Nepal.
