Insurers Take Pulse of Healthcare Firms Cyber Resiliency Amidst Mounting BI Losses
Cyber loss trends for healthcare are a developing story and have taken center stage in recent years. These recent loss trends are coming in the form of business interruption and the unique challenges that extend to patient care when a network outage occurs. As stated in a news article from Advisen Cyber FPN, any amount of network downtime can have serious implications for the delivery of patient care. In addition to potential bodily injury or adverse medical care outcomes, providers may also delay elective surgeries or send patients to neighboring hospitals. This causes a business interruption loss for the hospital, which is substantially raising ransomware claim costs. Cybercriminals understand that inflicting a system outage is key to a big payday, a huge reason for their continued targeting of the healthcare sector. Underwriters have taken note of this and will undoubtedly be requesting more details related to things like incident response and business continuity plans. Security controls like multifactor authentication (MFA), robust security around RDP ports and data management strategies will continue to be scrutinized.
Partnering with IT on Asset Management Is Crucial
Many organizations have made great strides in their cybersecurity efforts over the last two years. However, for many, these efforts are partially driven by insurers mandating certain controls and tools to be deemed an insurable risk. While “requirements,” such as multifactor authentication, endpoint detection response, etc. are valuable tools to help protect your organization and prevent an attack from occurring, they are imperfect. Even organizations with every tool and procedure imaginable have vulnerabilities. This is why asset management is so important. Risk & Insurance recently addressed the subject, expanding upon the importance of a proper asset management program and identifying key tools within one. This should be an area of focus for all organizations looking to continue improving their cyber risk management program.
It’s Time to Coordinate Your Cyber and Crime Policies
Social engineering claims are on the rise as cybercriminals continue to reinvent how they deceive employees. In fact, social engineering schemes have quickly become the most common cybercrime. A new article from Risk & Insurance discusses the overlap that exists between cyber and crime policies when it comes to social engineering, urging businesses to strategically coordinate between the two coverages. As the loss activity continues to rise (both in frequency and severity) and applicable coverage continues to be provided in crime and cyber policies, it’s critically important that insureds and their brokers work together to align their cyber and crime policies. This proactive effort will pay dividends if and when a social engineering incident occurs.
2023 CIO Priorities: Trust No One
It’s a new year, and for many CIOs, that means turning over a new leaf. In 2021, the FBI’s Internet Crime Complaint Center recorded 847,376 complaints around cyber attacks with potential losses exceeding $6.9 billion. Those trends continued in 2022. As cyber threats continue to escalate, many companies are taking the “zero-trust” approach, where any user, device or application is a potential threat.
The human element is known to be one of the biggest vulnerabilities in cyber attacks. One-click of a link could cause a major breach in security. A new article from the Wall Street Journal lays out the zero-trust approach many CIOs are taking in 2023.