Ovum conducted a survey recently on behalf of analytics firm FICO, which revealed there has been a major increase in the number of companies that have taken out cybersecurity insurance; however, few healthcare organizations have paid for cybersecurity coverage.
The last time the survey was conducted in 2017, 50% of U.S. companies said they hadn’t taken out a cybersecurity insurance plan. That percentage has dropped to 24% in 2018. The high cost of resolving data breaches has spurred many companies to take out insurance. In the event of a breach, the policy will cover a large percentage of the breach resolution costs.
Yet, even though the threat of breaches is high and the costs of mitigating healthcare data breaches is higher than in other industry sectors, only 30% of healthcare companies have taken out cybersecurity insurance plans. The financial services sector, which is likewise heavily targeted by cyber criminals, has been quick to get coverage. Only 10% of surveyed financial companies did not have a cybersecurity insurance policy in place.
500 companies in 11 countries including the Canada, United States, India, and the UK participated in the survey. The percentages of U.S firms that have a cybersecurity policy is average across all countries surveyed. It is a big improvement on last year when U.S. businesses ranked last out of all surveyed countries.
The primary problem for companies is unreasonable premiums which are not calculated according to the actual risk level. Only a quarter of surveyed companies stated their insurers had calculated premiums according to an accurate analysis of their risk profile. Many believed the premiums were determined using industry averages, incorrect analyses, or unknown factors.
The higher risk of cyberattacks and the litigation that typically follows has prompted many businesses to take out insurance policies; however, in many cases, only basic insurance coverage is purchased. Only a third of American businesses (32%) said their insurance policy covered all cybersecurity breaches.
It’s not surprising to see a huge increase in U.S. businesses taking out cybersecurity insurance given the high number of reported breaches and the cost of resolving those breaches. As the insurance sector develops and the litigation and penalties increase, it is expected that more companies will opt for more comprehensive cover. However, that may not be possible for some companies. Insurance companies may not be willing to offer comprehensive cover to companies that face a high risk of being attacked.