2017 saw a surge in the number of different entities affected by a cyber breach. That was one of the key findings of NAS Insurance’s recently released 2018 Cyber Claims Digest, which lifted the lid on the true cost of cyber criminals’ activities.
The analysis discovered that, for healthcare, there was a 232% increase in 2017 in the number of entities impacted, while among non-healthcare policyholders, there was an 85% increase from 2016.
“With the increase in the number of identities impacted, another trend was foreseeable: larger breaches increased the average cost of remediation,” says Jeremey Barnett, senior vice president of marketing at NAS. “Notably, the average cost of IT forensic investigation fees/expenses became the largest average cost component in 2017.”
The average IT forensics costs for non-healthcare businesses were up 59% last year compared to 2016, and represented 44% of average non-healthcare claims costs. The average IT forensics costs for healthcare businesses were up 46% in 2017 and represented 33% of average healthcare claims costs. Overall, healthcare claims costs saw a significant increase
“Notification costs, in particular, increased 114% over 2016 expenses as several claims involved large groups of affected individuals,” Barnett says. “Related to the increase in notification cost is the significant 70% increase in the costs of call centers. The dramatic rise in call center costs for healthcare can be explained by the increase in identities impacted, but unique factors within the healthcare industry also appear to have played a part. For one, healthcare businesses generally tend to access, use and store a larger volume of personal information, including sensitive health and medical information.”
Tighter regulations and the implementation of the Health Insurance Portability and Accountability Act (HIPAA) introduced more stringent rules for those affected by a breach. As a result, the legal requirement for breach notifications to be sent out is growing increasingly common in the healthcare sector.
“Another factor in the dramatic increase in the cost of call centers is the fact that, according to NAS data, the average age of identities impacted by a healthcare breach skewed older,” Barnett says.
“Our experience has shown that individuals who are 60 years of age or older are more likely to contact a call center when a breach occurred. Also, the average length of conversations with call center representatives was longer because this demographic often requested extra assistance in understanding what the breach entailed and how it impacted them.”