Cybersecurity Insurance Not Implemented by 30% of Healthcare Organizations

by Ryan Coyne | Aug 29, 2018

A survey carried out by Ovum for analytics firm FICO has pointed to the fact that there has been a sharp rise in companies signing up for cybersecurity insurance, but the healthcare sector in general has been slow to follow this trend.

In 2017 when the previous survey took place, 50% of U.S. companies revealed that they had not taken out a cybersecurity insurance policy. That percentage has dropped to 24% in 2018. While many businesses see the worth of paying insurance premiums to cover the expense of mitigating cyberattacks and data breaches, that does not seem to be the case for healthcare firms.

Only 30% of healthcare groups have signed up for cybersecurity insurance policies. 70% have absolutely no cybersecurity insurance cover whatsoever, even though the sector is targeted by hackers. The financial services secgtor, which is also heavily focused on by cyber criminals, has been quick to avail of cybersecurity cover. Only 10% of questioned financial firms had no coverage for cyberattacks.

The survey targeted 500 companies in 11 countries including the U.S., Canada, India, and the UK. The statistics for the United States were the exact average across all surveyed countries, which is a major improvement on 2017 when U.S. firms ranked bottom out of all 11 countries for cybersecurity insurance uptake.

One of the main issues focused on by the survey was unfair premiums which had not been accurately calculated based on the level of danger. Only a quarter of surveyed companies said their insurers had set premiums using on an accurate analysis of their firm’s risk profile. Most believed the premiums were based on industry averages, inaccurate analyses or unknown elements.

The heightened risk of cyberattacks and the litigation that normally comes after this has led to many companies to take out policies, but in many cases the cover supplied is not comprehensive cover. Only a third of U.S. companies (32%) said their policy included all cybersecurity risks. Even though policies have been implemented, they may not pay out in the event of a breach occurring.

Doug Clare, vice president for cybersecurity solutions at FICO said “Given the number of large-scale and very public breaches in recent years, it’s not surprising that we’ve seen a big increase in US organizations investing in it over the past 12 months, but there’s still some way to go. As the insurance market matures and the litigation and fines increase we expect more firms will also go beyond basic coverage to seek insurance that is more comprehensive.”

However, Maxine Holt, research director at Ovum, said it may be a case of companies having a risk profile that that insurers are not prepared to cover in total.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Used in 1000+ Healthcare Organizations and 100+ Universities

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter