Cybersecurity Insurance Not Implemented by 30% of Healthcare Organizations

A survey carried out by Ovum for analytics firm FICO has pointed to the fact that there has been a sharp rise in companies signing up for cybersecurity insurance, but the healthcare sector in general has been slow to follow this trend.

In 2017 when the previous survey took place, 50% of U.S. companies revealed that they had not taken out a cybersecurity insurance policy. That percentage has dropped to 24% in 2018. While many businesses see the worth of paying insurance premiums to cover the expense of mitigating cyberattacks and data breaches, that does not seem to be the case for healthcare firms.

Only 30% of healthcare groups have signed up for cybersecurity insurance policies. 70% have absolutely no cybersecurity insurance cover whatsoever, even though the sector is targeted by hackers. The financial services secgtor, which is also heavily focused on by cyber criminals, has been quick to avail of cybersecurity cover. Only 10% of questioned financial firms had no coverage for cyberattacks.

The survey targeted 500 companies in 11 countries including the U.S., Canada, India, and the UK. The statistics for the United States were the exact average across all surveyed countries, which is a major improvement on 2017 when U.S. firms ranked bottom out of all 11 countries for cybersecurity insurance uptake.

One of the main issues focused on by the survey was unfair premiums which had not been accurately calculated based on the level of danger. Only a quarter of surveyed companies said their insurers had set premiums using on an accurate analysis of their firm’s risk profile. Most believed the premiums were based on industry averages, inaccurate analyses or unknown elements.

The heightened risk of cyberattacks and the litigation that normally comes after this has led to many companies to take out policies, but in many cases the cover supplied is not comprehensive cover. Only a third of U.S. companies (32%) said their policy included all cybersecurity risks. Even though policies have been implemented, they may not pay out in the event of a breach occurring.

Doug Clare, vice president for cybersecurity solutions at FICO said “Given the number of large-scale and very public breaches in recent years, it’s not surprising that we’ve seen a big increase in US organizations investing in it over the past 12 months, but there’s still some way to go. As the insurance market matures and the litigation and fines increase we expect more firms will also go beyond basic coverage to seek insurance that is more comprehensive.”

However, Maxine Holt, research director at Ovum, said it may be a case of companies having a risk profile that that insurers are not prepared to cover in total.