Healthcare Companies Bracing for Greater Cyber Insurance Premiums for Less Coverage

The number of cyberattacks being reported these days is more than at any time. Several years back, healthcare cyberattack reports are filed at a rate of one every day, however in 2021, there have been months where cyberattacks were documented at two times that rate.

The intensity of cyberattacks has at the same time gone up and the cost of addressing and getting back from attacks is at this time more expensive. The possibility of a critical cyberattack taking place and the high costs of remediating this kind of attack have caused numerous medical companies to sign up for a cyber insurance coverage to handle the cost.

The Government Accountability Office (GAO) has not too long ago publicized a study of the cyber insurance industry as demanded by the National Defense Authorization Act for Fiscal Year 2021. GAO carried out the review of the cyber insurance sector to determine critical developments and the difficulties suffered by insurance providers and the alternatives available to handle them.

GAO analyzed cyber insurance plans, studies on cyber risk and cyber insurance from experts, think tanks, and the insurance market, and interviews were made with treasury representatives and two industry groups that represent cyber insurance vendors, an organization giving policy language services to insurance companies, and one large cyber insurance provider.

GAO identified the number of insurance buyers that have a cyber insurance coverage has risen by more than 60%, from 26% (2016) to 47% (2020). As the interest in cyber insurance plan has risen, so also have insurance premiums. The rise in attack frequency and seriousness led to remarkably greater insurance premiums. As per the research, greater than 50 percent of cyber insurance customers had an increase in insurance premiums between 10% and 30% at the end of 2020.

Insurance fees have gone up, although coverage has lessened. In a number of industry markets, such as medical care and education, insurance providers have decreased coverage limits, so that victims of cyberattacks quite often ought to pay for some of the cost .

Numerous insurance companies have discontinued including insurance policy coverage for cyberattacks within their active policies and as an alternative at this time offer insurance policies distinct to cyber risk, nevertheless there were a few problems in making these policies. With no access to complete, high quality information on losses as a result of cyberattacks, the insurance market has found it very difficult to put a cost on packages properly. Industry stakeholders have indicated federal and state governments and industrial sectors must accumulate and share details on incident response, which can help the insurance sector create much better insurance products and services and price them correctly.

There were likewise difficulties with the definitions utilized and what precisely is protected by a cyber insurance plan. As an example, a lot of policies cover cyberterrorism, however it is not clear precisely what cyberterrorism involves. Industry stakeholders have asked for clearer definitions of cyberattacks to be made to aid both insurance providers and their buyers fully grasp exactly what is paid for by insurance policies.

GAO determined that numerous companies, specifically smaller firms, are undervaluing their cyber risks and the sum of insurance protection they need to have. Researchers furthermore found numerous companies that did not get coverage because they have not fully understood the size of risks they face, and don’t see the benefits of cyber insurance since they don’t think it will deal with the expense of a cyberattack considering that there are so many exemptions. Improved definitions of cyberattacks and specifically what is covered can enable these organizations to get the coverage they require.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at