Navigating Cyber Insurance in an Evolving Threat Landscape

The rapidly shifting cyberthreat landscape presents unique challenges for healthcare organizations and underwriters navigating cyber insurance coverage decisions. Cyber liability insurance plays a crucial role in shielding healthcare providers from the mounting costs associated with data breaches and cyberattacks, which now average $9.77 million per incident in the healthcare sector, according to IBM.

The Challenges of Retaining Cyber Insurance

Healthcare, among other heavily targeted sectors, faces difficulties in securing and maintaining affordable cyber insurance. The constantly evolving threat landscape impacts risk profiles, which drives up premiums and complicates coverage retention. Although year-over-year premium growth plateaued in the U.S. in 2023, 79% of respondents in a Delinea survey still reported increased insurance costs, with 67% experiencing premium hikes between 50% and 100%.

As high-profile healthcare cyberattacks and increasing cyber risks persist, navigating the insurance landscape remains a significant challenge. Additionally, the lag in processing claims makes it difficult to anticipate how underwriters will respond to these changing threats.

How the Evolving Threat Landscape Impacts Cyber Insurance

Obtaining adequate cyber insurance coverage can be challenging in today’s risk-heavy environment. Unlike traditional insurance, where risks remain static, cyber risks constantly evolve to counteract security controls.

“Cyber insurance risk adjusters face a unique challenge; unlike fires, which aren’t actively trying to burn you in new ways, cyberthreats are constantly adapting to bypass existing protections,” said Christopher Henderson, senior director of threat operations at Huntress. This continuous adaptation often means that by the time underwriting is complete, a risk assessment may already be outdated.

Shifts in the threat landscape are driving changes in cyber insurance questionnaires. While in 2023 insurers focused on remote access tools, vulnerability management, and administrative access controls, the focus in 2024 shifted to include multifactor authentication (MFA) and identity-based attack prevention. This shift highlights the need for organizations to adapt to new requirements in cyber insurance as cybercriminals add new tactics to their playbooks.

Adapting Insurance to Emerging Threats

As cyberthreat tactics evolve, insurers may adjust policy terms to keep pace with the latest risks. Henderson suggests that insurers could move toward shorter underwriting cycles, possibly even six-month periods, to better align with the rapidly shifting cyber landscape.

Mitigating Risk and Controlling Cyber Costs

Several factors influence cyber insurance premiums, including organizational size and security posture. For healthcare providers, adhering to industry standards like SOC 2 and ISO 27001 can demonstrate compliance with best practices, improving coverage terms and potentially lowering premiums.

Healthcare organizations using the NIST Cybersecurity Framework (CSF) as their primary security standard reported lower premium increases compared to those without this framework, according to a 2024 report by KLAS Research, Censinet, and the American Hospital Association.

Henderson emphasizes the importance of layering new strategies with proven, traditional ones: “While staying vigilant against newer tactics like social engineering and identity-based attacks, maintaining consistent, auditable identity verification and MFA protocols remains crucial.”

Despite upfront costs, cyber insurance can significantly reduce financial impact during cybersecurity incidents. For example, a 2024 Sophos report found that organizations with cyber insurance saw an average ransomware recovery cost of $2.94 million compared to $3.48 million for those without coverage.

Navigating cyber insurance can be complex for healthcare organizations, but careful attention to risks and proactive security measures can help them secure the right coverage at sustainable rates.
