Cyber liability coverage or cyber Insurance has become a hot topic issue in the wake of the large security breaches impacting Sony and Citibank. Traditionally, financial institutions have been the leading purchasers of the coverage, however, accordingly to Insurance Journal, only 1 in 4 corporations are buying cyber liability coverage despite the increased risk. 

 

Health systems and healthcare facilities carry an exposure similar to a financial institution given the large amount of personal/patient data held within their systems, and yet many are reluctant to purchase the coverage. They feel that their internal controls are adequate or that the basic coverage built into many E&O/professional liability or crime policies covers their exposure. They are living under a false sense of security. 

 

As the “Second Annual Cost of Cyber Crime Study” by the Ponemon Institute highlights, cyber attacks are costly and frequent. The Study found that cyber crime costs organizations in the range of $1.5m to $36.5m, per year and that organizations are logging on average 72 attacks per week and more than one successful attack a week by internet assailants. This marks a 44% increase from the Institute’s last study a year ago. Cyber Liability provides coverage for direct loss, legal liability, and consequential loss resulting from cyber security breaches. It additionally combines third-party (cyber liability) and first-party (cyber crime expense) onto one form – seeking to eliminate gaps with the insured’s crime policy. 

 

Given the increased exposure and the availability of quality insurance products, the question begs to be asked, why aren’t health systems and healthcare organizations purchasing the coverage? It is only going to take one incident for them to regret their decision - don’t allow your insured to remain unprotected.