Healthcare Organizations Dealing with Higher Cyber Insurance Costs for Less Coverage

The number of cyberattacks currently being reported is greater than ever before. A few years ago, healthcare cyberattack reports are received at a rate of one each day, however, in 2021, there have been months where cyberattacks were reported at double that rate.

The seriousness of cyberattacks has likewise become more intense and the cost of dealing with and recovering from attacks is right now much greater. The probability of a severe cyber attack happening and the high expenditures of remediating such an attack has made a lot of healthcare providers sign up for a cyber insurance plan to take care of the cost.

The Government Accountability Office (GAO) has lately released a study of the cyber insurance industry as requested by the National Defense Authorization Act for Fiscal Year 2021. GAO performed the research of the cyber insurance sector to know crucial trends and the difficulties encountered by insurance companies and the choices available to deal with them.

GAO researched cyber insurance policies, reviews on cyber risk and cyber insurance from analysts, think tanks, and the insurance sector and interviews were done with treasury officers and two industry organizations representing cyber insurance companies, an organization offering policy language services to insurance providers, and one big cyber insurance provider.

GAO discovered the number of insurance customers that maintain cyber insurance coverage has gone up by over 60%, from 26% (2016) to 47% (2020). As the need for cyber insurance coverage has risen, so too have insurance premiums. The upsurge in attack frequency and intensity resulted in dramatically higher insurance premiums. Based on the research, over one-half of cyber insurance buyers saw an increase in insurance premiums from 10% to 30% in late 2020.

Insurance prices have gone up, yet coverage has diminished. In particular industry sectors, which include healthcare and education, insurance companies have lowered coverage limits, which means victims of cyberattacks usually need to cover a percentage of the cost themselves.

A lot of insurance providers have ceased including insurance coverage for cyberattacks within their current policies and alternatively currently offer policies specific to cyber risk, nevertheless, there were a number of problems in creating these policies. Without access to all-inclusive, high-quality information on losses because of cyberattacks, the insurance market has found it hard to price insurance policies correctly. Industry stakeholders have proposed federal and state governments and market sectors ought to gather and share details on incident response, which could help the insurance sector develop more beneficial insurance products and price them appropriately.

There were also issues with the definitions employed and what specifically is included by a cyber insurance plan. For example, numerous policies cover cyberterrorism, yet it is uncertain precisely what cyberterrorism includes. Industry stakeholders have requested far better definitions of cyberattacks to be created to assist both insurance companies and their customers know exactly what is covered by insurance plans.

GAO discovered that a lot of companies, particularly smaller firms, are ignoring their cyber risks and the amount of insurance coverage they require. Researchers additionally discovered lots of companies that did not take out a plan since they have not grasped the magnitude of risks they face, and don’t see the importance of cyber insurance because they don’t believe it will take care of the cost of a cyberattack since there are lots of exclusions. Better definitions of cyberattacks and specifically what is covered will help these organizations to get the coverage they need to have.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.