Washington Hospital Services Industry Partners Sensato (cybersecurity) and Parker, Smith & Feek (insurance brokers) provided a webinar Nov. 17 on what you need to know about cyber insurance and tactics to improve security and reduce premiums. See the webinar slides and recording.
A hard cyber market is here, so what does that mean? The presentation and additional information will provide an overview of cyber insurance coverage, how the market is changing and how health care organizations can mitigate the negative impacts of rising insurance rates and coverage restrictions by implementing specific cybersecurity controls.
Beyond the normal controls cyber liability insurance companies look for, there are a few key things that you can do to lessen the risk of a cyberattack and reduce your cyber liability insurance premiums: involve your C-Suite in cybersecurity planning so they understand the risks and go beyond HIPAA compliance.
Following HIPAA recommendations does not mean your organization is secure and does not protect you from being a victim of ransomware or a cyberattack. Cyber liability insurance companies are beginning to realize (and require) more controls than checking the boxes for HIPAA.
Health care is the top critical infrastructure segment being attacked.
Because there are a lot of gray areas in HIPAA, health care organizations are vulnerable to attacks, which has led to an increase in payouts by cyber insurance companies for attacks.
Cyberattacks are continually evolving. Just because you put controls in place one year doesn’t mean those controls will protect you next year. Explain to your executive team, and get the board of directors to understand, that cybersecurity is an ongoing investment and not a one-time investment. Having a plan to continually update your cybersecurity tactics will put you in a better position with cyber insurance companies because you will be able to show that you are advancing with the current threats. Find a good overview of 3-2-1 backup strategy here.
Be adequately insured!
The health care industry remains one of the most targeted sectors for ransomware and accounted for roughly 20 percent of ransomware attacks in Q2 of 2022. The increase in cyberattacks over the last several years has created a “hard” market for cyber insurance, as cyber insurance carriers have consistently looked to right-size their portfolio due to poor claims results. However, there is finally improving news in the cyber insurance market again, if, and only if, health care organizations have the proper controls in place.
Cyber insurance carriers have spent the last two years moving through correction strategies that have allowed them to achieve rate and underwriting adequacy. While the controls vary by size of risk, there are some consistent requirements for all: multifactor authentication (MFA) for remote access to the network, backups that are offline or disconnected from the local network, employee training, endpoint detection and response, patching, and an established incident response plan. For those organizations that have put controls into place, the rates have stabilized, increases have been minimized and there is more competition for your business. For additional information on cyber insurance and how to position your organization for competitive coverage options, please reach out to Parker, Smith & Feek. (Cynthia Hay)