After analyzing almost 1,500 of its cyber claims from 2017, NAS Insurance has made some interesting discoveries. One of its most compelling findings was the increase in the average cost of IT forensics and call centers.
In 2017, the average IT forensics costs for non-healthcare businesses were up 59% compared to 2016, and represented 44% of average non-healthcare claims costs. Likewise, in 2017, the average IT forensics costs for healthcare businesses were up 46% compared to 2016 and represented 33% of average healthcare claims costs. But what’s happening so far in 2018?
“The cost of IT forensics is continuing to rise because cyber incidents are more complicated and, as a result, it is taking more time to figure out what exactly happened,” says Jeremy Barnett, senior vice president of marketing at NAS.
Barnett gives the example of a cybercriminal who stole an employee’s Office 365 credentials to access their emails, contacts and network. The IT forensics work that follows that hack is much more complicated than if the hacker had simply taken some data and exfiltrated it. With something like the Outlook hack, the forensics team needs to work out how the hacker got into the account, for how long they had access, and what they did when they had access – all of which takes time and expert resources.
“We are seeing more cases of a user’s credentials being stolen to conduct a fraudulent transaction or some sort of email phishing scam,” Barnett says. “Working out exactly what the hacker did is getting more and more complicated, and because of that it becomes more expensive.”
NAS attributes its 2017 increase in call center costs to an influx in healthcare-related claims, which tend to affect a higher proportion of elderly people. When elderly people are impacted by such an event they are more likely than younger demographics to contact a call center to get the reassurance of a human touch point.
“So, we see that rise as being a little more anomalous – it is not something that is really trending,” Barnett says. “There just happened to be a lot of expense on call centers because we had a lot of healthcare related breaches that had large populations of older people.”