
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Only 30% of Healthcare Organizations Have Taken Out Cybersecurity Insurance

A recent survey conducted by Ovum on behalf of analytics firm FICO has revealed there has been a major increase in companies taking out cybersecurity insurance, but the healthcare industry has been slow on the uptake.

In 2017 when the survey was last conducted, 50% of U.S. firms reported that they had not taken out a cybersecurity insurance policy. That percentage has fallen to 24% in 2018. While many businesses see the value in paying insurance premiums to cover the cost of mitigating cyberattacks and data breaches, that does not appear to be the case for healthcare companies.

Only 30% of healthcare organizations have taken out cybersecurity insurance policies. 70% have no cybersecurity insurance cover whatsoever, even though the industry is targeted by hackers. The financial services industry, which is also heavily targeted by hackers, has been quick to take advantage of cybersecurity cover. Only 10% of surveyed financial firms had no coverage for cyberattacks.

The survey was conducted on 500 companies in 11 countries including the U.S., Canada, India, and the UK. The figures for the United States were the exact average across all surveyed countries, which is a major improvement on last year when U.S. companies ranked bottom out of all 11 countries for cybersecurity insurance uptake.


One of the main problems highlighted by the survey was unfair premiums which had not been accurately calculated based on the level of risk. Only a quarter of surveyed firms said their insurers had set premiums based on an accurate analysis of their company’s risk profile. A majority believed the premiums were calculated on industry averages, inaccurate analyses, or unknown factors.

The increased risk of cyberattacks and the litigation that usually follows has spurred many companies to take out policies, but in many cases the cover provided is not comprehensive. Only a third of U.S. companies (32%) said their policy covered all cybersecurity risks. Even though policies have been taken out, they may not pay out in the event of a breach.

“Given the number of large-scale and very public breaches in recent years, it’s not surprising that we’ve seen a big increase in US organizations investing in it over the past 12 months, but there’s still some way to go,” said Doug Clare, vice president for cybersecurity solutions at FICO. “As the insurance market matures and the litigation and fines increase we expect more firms will also go beyond basic coverage to seek insurance that is more comprehensive.”

However, that may not tell the whole story. Maxine Holt, research director at Ovum, suggested it may be a case of companies having a risk profile that insurers are not prepared to cover comprehensively.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
