How cyber risks vary between healthcare and non-healthcare clients

How cyber risks vary between healthcare and non-healthcare clients | Insurance Business

How cyber risks vary between healthcare and non-healthcare clients

NAS Insurance’s 2019 Cyber Claims Digest, which analyzed the specialty insurer’s claims data from 2018, revealed some interesting findings when it comes to the different types of risks currently facing healthcare and non-healthcare businesses.

In its analysis, NAS, which was recently acquired by Tokio Marine HCC and has rebranded as Tokio Marine HCC – Cyber & Professional Lines Group, identified the top three cyber causes of loss for both sectors.

Among non-healthcare policyholders, hacking attacks were the most common cause of loss, ransomware was second, and phishing attacks were the third most common cause of cyber claims.

“Overall, healthcare-related businesses’ cyber claims saw only a modest increase in claims (up 2%), while our non-healthcare policyholders’ claims grew by 38%,” says Jeremy Barnett, senior vice president of marketing at Tokio Marine HCC – Cyber & Professional Lines Group. “Cybercrime claims, across both segments, are up 68% over 2017 led by financial fraud, up 79%.”

The Insurer identified a more pronounced shift among non-healthcare insureds in 2018, where the number of cybercrime claims almost doubled from 2017 and has increased four-fold since 2016.

“The most significant increase of cybercrime activity is in financial fraud, again showing almost four times as many claims in 2018 as in 2016,” Barnett says. “These fraudulent transactions are often a result of email phishing schemes that lead to payments or wire transfers of funds to cybercriminals posing as our insured’s clients or business partners.”

For both healthcare and non-healthcare-related claims, the largest costs associated with cyber claims in 2018 were IT forensics and breach coach/legal expenses, the analysis found.

“IT forensics expenses are those related to the investigation of a breach, examination of what data may have been exposed or exfiltrated, crypto-currency procurement and payment, and data decryption and/or system restoration,” explains Barnett. “Breach coach/legal expenses are related to the legal fees incurred in managing the breach response, coordination of vendors and defense costs where applicable.”

Breach coach/legal expenses led all categories and represented 45% of cyber claims costs among healthcare policyholders in 2018, up from only 9% in 2017. IT forensics expenses among healthcare policyholders were relatively flat vs 2017, comprising 33% of overall claims expenses for the category.

“For non-healthcare claims, the IT Forensics costs were up 105% over 2017 and represent 51% of the overall costs of cyber claims,” Barnett says. “Breach coach/ legal expenses were up 72% over 2017, and represent 30% of overall cyber claims expenses.”