Cybersecurity Insurance Not Implemented by 30% of Healthcare Organizations

by | Aug 29, 2018

A survey carried out by Ovum for analytics firm FICO has pointed to the fact that there has been a sharp rise in companies signing up for cybersecurity insurance, but the healthcare sector in general has been slow to follow this trend.

In 2017 when the previous survey took place, 50% of U.S. companies revealed that they had not taken out a cybersecurity insurance policy. That percentage has dropped to 24% in 2018. While many businesses see the worth of paying insurance premiums to cover the expense of mitigating cyberattacks and data breaches, that does not seem to be the case for healthcare firms.

Only 30% of healthcare groups have signed up for cybersecurity insurance policies. 70% have absolutely no cybersecurity insurance cover whatsoever, even though the sector is targeted by hackers. The financial services secgtor, which is also heavily focused on by cyber criminals, has been quick to avail of cybersecurity cover. Only 10% of questioned financial firms had no coverage for cyberattacks.

The survey targeted 500 companies in 11 countries including the U.S., Canada, India, and the UK. The statistics for the United States were the exact average across all surveyed countries, which is a major improvement on 2017 when U.S. firms ranked bottom out of all 11 countries for cybersecurity insurance uptake.

One of the main issues focused on by the survey was unfair premiums which had not been accurately calculated based on the level of danger. Only a quarter of surveyed companies said their insurers had set premiums using on an accurate analysis of their firm’s risk profile. Most believed the premiums were based on industry averages, inaccurate analyses or unknown elements.

The heightened risk of cyberattacks and the litigation that normally comes after this has led to many companies to take out policies, but in many cases the cover supplied is not comprehensive cover. Only a third of U.S. companies (32%) said their policy included all cybersecurity risks. Even though policies have been implemented, they may not pay out in the event of a breach occurring.

Doug Clare, vice president for cybersecurity solutions at FICO said “Given the number of large-scale and very public breaches in recent years, it’s not surprising that we’ve seen a big increase in US organizations investing in it over the past 12 months, but there’s still some way to go. As the insurance market matures and the litigation and fines increase we expect more firms will also go beyond basic coverage to seek insurance that is more comprehensive.”

However, Maxine Holt, research director at Ovum, said it may be a case of companies having a risk profile that that insurers are not prepared to cover in total.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy