by Jazmine West
Does your organization need cyber insurance?

A report by Verisk Analytics projects the cyber insurance market to reach $6.2 billion this year. That may seem like a high number, but compared to the projected $305 billion losses in healthcare over the next five years, the single-digit investment is minor.

Healthcare has long been the most targeted industry for cyberattacks, and the trend continues. The money invested in cyber insurance is a very good sign because it shows that more healthcare providers are taking their cybersecurity seriously.

Definition

A cyber insurance policy, or cyber liability insurance, covers incidental damages from a cybersecurity attack or data breach.

Coverage may include damages and costs related to HIPAA fines, replacement of damaged IT infrastructure, theft/destruction, ransom, filing lawsuits, etc. It helps to cover breaches and threats regarding HIPAA and protected health information (PHI).

Why healthcare organizations need cyber insurance

Healthcare is the most vulnerable business sector. With COVID and the increase in remote workers, network security is even more critical than usual. Cyberthreats are more prominent as cybercriminals take advantage of transitions and uncertainty about how to handle new COVID-19-related protocols.

Cyber insurance policies help protect medical and healthcare organizations from legal, financial, and reputational blows at the hands of cybercriminals. For example, a data breach involving PHI can lead to lawsuits from governing agencies and patients, a loss of trust, and ultimately, a loss of business.

What to look for

Like all insurance policies, coverage varies widely among firms. Since cyber liability insurance is relatively new, there is no standard or expectation of coverage, making it harder to make the right choice.

However, we have gathered some key inclusions that a cyber insurance policy should offer.

  • Activity/network monitoring
  • Breach notifications
  • Network security
  • Business interruption costs
  • Legal fees

Typically, most cyber insurance policies are tailored to the organization’s specific circumstances. This is a good thing, but it also means that the buyer must do their due diligence to assess which elements are right for them.

Insurance carriers should always be transparent about the efficacy of their policies and their relevant offerings. Always assess your organization’s needs and vulnerabilities when shopping for an appropriate policy.

First-party vs. third-party coverage

There are typically two separate categories of cyber insurance policies: first-party and third-party coverage.

First-party coverage relates to damages from the attack or event itself. It can include direct costs from spear phishing attacks, ransomware, and other cyberattacks or breaches.

Third-party coverage typically relates to the aftermath of an attack. Any damages resulting from the initial attack – such as claims made by outside parties – fall into this category. This includes HIPAA violation claims from Health and Human Services, fines from credit regulatory agencies, patient lawsuits, etc.

It is important to note that first-party and third-party coverage include different features and often are separate policies. Consult with your underwriter to ensure adequate coverage.

Prevention is the best step

Investing in cyber insurance is a good – and even necessary – measure for protecting your organization. With the prevalence and frequency of attacks in the healthcare sector, no protection is too much. 

Proactive measures, however, are the preferred method. Rather than having to react and invoke costly cyber insurance, you can do yourself a huge favor by following some guidelines to prevent an attack in the first place.

According to Chubb, there are some actions you can take to help protect yourself from a threat: 

  • Limit access to privileged accounts
  • Conduct regular penetration tests
  • Improve password hygiene
  • Protect yourself against email phishing attacks

Even with these precautions, it is important to realize that protection from cyberthreats is never guaranteed. These steps are critical measures to reduce your risk significantly.

How Paubox can help

Fortunately, Paubox Email Suite Plus is a HIPAA compliant email solution that blocks phishing emails with inbound and outbound email security.

Our solutions are HIPAA compliant by default, so you always protect your organization and patient data with zero-step encryption.

Paubox Email Suite Plus also comes with ExecProtect, which protects against tricky display name spoofing by stopping the attack before it hits your inbox.