Insurance plays a vital role in most healthcare business’ financial success and is a time and tested method to mitigate potential risk. While more standard brick and mortar insurance policies are a must for any healthcare facility, small to large, many are forgoing the ever-important cyber insurance, which can protect them from its technological vulnerabilities.
In the 1990s, individuals in risk management saw an opportunity to build a new network of coverage revolving around the rapidly expanding worldwide web. One of the first plans developed was conceived by the venerated Lloyd’s of London, which predicted a business’s potential risk to a business transfer of virus or malware and any associated litigation by the infected company to the infecting company. While this particular type of threat has not proven to be as common as initially perceived, it formed the building blocks of a new and bustling insurance market.
As the market has continued to grow, the emphasis has been on first-party and third-party coverages that focus on interruption, payment of fines and penalties, credit monitoring costs, public relations costs, and the cost of restoring or rebuilding private data. Today, more than 80 companies are competing in the cyber insurance space. Types of plans include:
- Network Security – Protection against cyber-attacks or hacking.
- Business interruption – Covers lost income and other costs due to a potential cyber event.
- Extortion – Converge for costs associated with investigating credible threats of extortion using company data as leverage.
- Reputation Insurance – Insurance against attacks to a person or business’s reputation and defamation.
- Theft or destruction – Covers destruction of necessary materials as well as any damages associated with the theft of materials.
- Computer Damage – Covers any costs associated with equipment that may be damaged by an attack.
- Information Privacy – Protects against any possible lawsuits of fines that can be associated with a violation of data privacy laws implemented by governments.
While there are many different types of plans and coverage possibilities, most cyber insurers can work directly with your office on crafting a plan. These plans can be customized to meet your needs. However, as with any insurance plan, one must ask themselves if the costs are worth protecting.
According to a recent study commissioned by AdvisorSmith Solution Inc., they found that the average cost of a cyber liability policy in 2019 was $1,500 per year for $1 million in coverage, with a $10,000 deductible. The factors that determine the prices cover a wide range, including but not limited to the size of a business and the industry it operates in, the sensitivity of the data, the annual revenue the company generates, and the strength of its security networks.
Many healthcare practices are asking themselves if the return on investment makes cyber insurance worthwhile. The answer requires more questions. If you suddenly had to pay each patient to repair the damage of their stolen data, would you have the funds to do so? Or, if locked out of your patient’s information so you could continue to do business, would you have the thousands of dollars to buy back your data?
Another question to look at is, are you in a higher-risk industry? For example, the healthcare industry is especially prone to cyber-attacks as they hold swaths of data on large groups of people. Also, the banking industry contains valuable fiscal information about their clients. When Anthem was subject to a massive data breach, they were fined tens of millions of dollars by the US Government and over one hundred million dollars of civil action litigation. In their circumstance, a cyber insurance plan would provide ample coverage to assist with such a breach.
When considering an insurance plan that is right for you, you will answer a wide range of questions to steer your business towards the policy that will best serve your company’s needs. Some items you should prepare to answer are:
- The value of your business and your amount of exposure.
- Amount of liability desired.
- Questions about your network security and privacy, including questions about:
- How your staff trained in security
- Do you have strict policies in place followed by all employees and contractors?
- Do you process credit card information?
- Do you collect personal information such as social security information, home addresses, etc.?
- Do you have IT staff?
- What is your past loss history?
- Do you have media subject to rights and licenses?
While this is a quick snapshot of the types of questions to be expected when considering cyber insurance, you can be confident you will need to provide an extensive overview of your network security systems in place as well as general information about your company. These questions will guide a potential provider in working to secure a plan best suited for your needs.
Cyber insurance is a field that, like almost all cyber components, is rapidly expanding and growing with the times. While you may have to ask yourself what the reward versus the risk is, it is great to consider if you have a business that is especially vulnerable to data risk. If you are interested in having your business’s IT needs evaluated, consider contacting CloudNexus for a comprehensive evaluation today. We will be happy to help you fill out the insurance application since we are very familiar with the information needed.