Over the past twenty years, India’s insurance industry has experienced robust growth, expanding at a Compound Annual Growth Rate (CAGR) of 17%. However, despite this impressive trajectory, the sector has seen a sharp rise in cyber threats in recent years. A 2025 report* revealed that India encountered nearly 370 million malware attacks in 2024, with the banking, financial services, and insurance (BFSI) sector among the most frequently targeted.

In response to the growing demand for proactive cybersecurity practices, the Insurance Regulatory and Development Authority of India (IRDAI) incorporated new provisions into its ‘Information and Cyber Security Guidelines, 2023’ on 24 March 2025. These provisions focus on managing cyber incidents and enhancing crisis preparedness among insurance companies and intermediaries across India.

As per the latest circular, regulated entities (REs) are also required to report any cyber incident to IRDAI in the specified format within six hours of detection or notification.

Non-compliance with reporting obligations can attract regulatory attention and result in penalties, thereby establishing the importance for organisations to maintain a robust and well-defined incident response strategy. 

How can Grant Thornton Bharat help?

At Grant Thornton Bharat, our dedicated team of experts - proficient in risk assessment and other cyber security capabilities - can support your organisation through various stages of incident response strategy until execution. With our globally acceptable methodology and renowned forensic technology applications, we can efficiently process large volumes of data while being cost effective in managing large eDiscovery matters.

We can help you with: 

1.

Log management solutions

Ensuring ICT logs are stored and monitored for 180 days, guaranteeing availability during crises.

2.

Cyber crisis management planning

Developing and implementing CCMP, including cyber threat intelligence procedures, ensuring preparedness and business continuity. 

3.

Forensic expertise

Empaneling forensic experts for immediate availability through a flexible retainership model, ensuring swift mitigation of incidents. 

4.

Conflict-free cybersecurity services

Providing SOC operations, attack surface monitoring, and red teaming without conflicts of interest, maintaining investigation integrity. 

5.

Training and awareness programmes

Conducting training sessions and supporting incident notification to regulators, using global methodologies for detailed investigations. 

Our offerings 

Our Digital Forensics and Incident Response (DFIR) capabilities and offerings provide end-to-end support, from proactive readiness and forensic investigation to complete incident response, data recovery, and litigation support. 

Digital Forensics and Incident Response

  • Gather organisation context.

  • Review security documentation.

  • Scenario development.

  • Facilitation and execution of interactive tabletop exercise.

  • Evaluation and feedback.

  • Training and awareness. 
  • Forensic analysis, attribution and recovery.

  • Static and dynamic analysis.

  • Negotiation and payment handling.

  • Security assessment and hardening.

  • Assess data exfiltration.

  • Compliance and reporting. 
  • Incident response readiness & planning.

  • Digital investigations & remediation.

  • Threat intelligence.

  • Data identification & remediation.

  • Regulatory compliance support

  • Communication & notification.

  • Forensic analysis 
  • Data collection and preservation.

  • eDiscovery.

  • Forensic and timeline analysis.

  • Litigation support.

  • Data theft/IP theft investigations.

  • Compliance and regulatory support.

  • Training and awareness.
  • Expert witness testimony.

  • Case strategy development.

  • Document review and analysis.

  • Damage assessment and valuation.

  • Discovery support & forensic analysis.

  • Trial preparation & support.

Digital Forensics and Incident Recovery

  • Business impact analysis.

  • Recovery strategy development.

  • Business continuity and disaster recovery plans.

  • Data backup and recovery.

  • After-action reports.
  • Internal communications (documentations, coordination).

  • External communications (stakeholder updates, public relations).

  • Communication channels (primary –emails, internal messaging systems and secondary –SMS, phone calls).
  • Post incident review.

  • System restoration.

  • Continuous post recovery monitoring.

  • Regular Testing.

  • Feedback loop.

Why Grant Thornton Bharat?

Our DFIR capabilities

  • End-to-end services from technology to manage reviews with rapid development of projects within a few hours of matter approval and 24x7 assistance as required.

  • Committed team of experts from diverse fields including engineers, CA, Data Analysts and professionals certified with GCFA, GNFA, CFE, CCE, EnCE, CEH, RHCE, ACE.

  • High end machines with capabilities to process voluminous data with external storage capacity of over 10 TB.

  • Enriched with end-to-end services including data collection to reporting for Windows, Mac Forensics and mobile forensics.

  • Consulting support to large multinational corporations as well as regulatory bodies on digital forensics and incident response.

  • State of the art lab for performing technology related engagements. 

Our Cyber Incident Response capabilities

  • Dedicated team of Cyber security professionals up to date in emerging incident response and cyber security trends.

  • Expertise in efficiently processing large volume of data allows to be cost effective in managing large eDiscovery matters.

  • Incident response plan audit to prevent legal pitfalls and ensure compliance with laws and regulations.

  • Proficient risk assessment and cyber security capabilities – access control, security policies, network security, encryption and end point security as a part of incident response.

  • Assisting clients with regulatory queries and show cause notices, ensuring effective crisis resolution.

  • Utilising visuals and timelines to illustrate incident response, root cause analysis, and key data insights.

Our experts on Digital Forensics and Incident Response (DFIR)

Gaganpreet Singh Puri on DFIR retainerships and cyber crisis readiness

IRDAI’s directive on Digital Forensics and Incident Response (DFIR) retainerships highlights the need for insurance companies to prepare before a cyber incident occurs. In this video, Gaganpreet Singh Puri shares why pre-selecting and empanelling a DFIR partner strengthens resilience, ensures compliance, and minimises the impact of cyber threats.

The video is playing. This video is playing in mini-player mode.

Kush Wadhwa on navigating cyber incidents with expert DFIR support

In a highly interconnected digital world, the first hours after a cyber incident can define the outcome. Kush Wadhwa sheds light on how Grant Thornton Bharat’s DFIR experts combine deep technical expertise and rapid action to investigate breaches, mitigate damage, and maintain operational stability. With the IRDAI DFI mandate driving proactive measures, organisations can safeguard customer trust and stay ahead of emerging cyber risks.

The video is playing. This video is playing in mini-player mode.

Akshay Garkel on strengthening cyber resilience through DFIR

Cyber threats are constantly evolving, and organisations need more than just reactive measures. Akshay Garkel shares how our cybersecurity services help businesses identify risks early, respond effectively, and maintain continuity when incidents occur. DFIR empowers organisations to stay secure, resilient, and trusted in a connected world.

The video is playing. This video is playing in mini-player mode.

Next steps for insurance companies

Insurance companies must actively manage cyber incidents with speed and full regulatory compliance. They must implement both proactive and reactive strategies to prevent, detect, and respond to cyber threats and vulnerabilities.

To know more, connect with our experts.

Our leaders

Gaganpreet Singh Puri
Gaganpreet Singh Puri
Partner and Crisis & Resilience Leader
Gurugram
View full profile
Akshay Garkel
Akshay Garkel
Partner and Cyber Advisory Leader
Mumbai
View full profile
Jaspreet Singh
Jaspreet Singh
Partner, Cyber Advisory
Gurugram
View full profile
Kush Wadhwa
Kush Wadhwa
Partner, Crisis & Resilience and Cyber...
Gurugram
View full profile
    Digital Forensics and Incident Response

    Digital Forensics and Incident Response

    IRDAI mandates insurers and intermediaries to empanel cyber forensics experts to ensure swift response and preparedness for cyber incidents.