7 out of 10 U.S. healthcare firms have no cybersecurity insurance

Aug. 22, 2018

A whopping 70% of healthcare firms in the U.S. have no cybersecurity insurance, according to a new survey commissioned by the analytics firm FICO.

While the healthcare sector is the most negligent in this area, according to the report, a significant portion of U.S. firms overall don’t have any cybersecurity insurance: 24%.

The new data follows a number of massive cyber breaches in recent years, such as the Equifax breach. Equifax spent a net $114 million in 2017 to cover the data breach expenses, including customer support and legal fees. However, $50 million of data breach costs were covered by insurance.

Meanwhile, the healthcare sector has suffered from a rise in cyber attacks in part because of its known vulnerabilities. According to figures in the McAfee Labs Threats Report for March 2018, 2017 saw a 211% increase in disclosed security incidents in healthcare compared with 2016.

While a quarter of U.S. firms have no cybersecurity insurance, that number has improved dramatically from 2017, when FICO found that 50% had no coverage. Meanwhile, in 2018, only 32% of U.S. firms said their cybersecurity insurance covers all risks.

Consultancy firm Ovum conducted the survey for FICO through telephone interviews with 500 senior executives from businesses in the U.K., the U.S., Canada, Brazil, Mexico, Germany, India, Finland, Norway, Sweden, and South Africa.

U.S. firms surveyed had less coverage than those in Canada, the U.K., and India. In 2017, U.S. companies had the lowest levels of cyber insurance coverage of all the countries surveyed.

ZDNet has the article