Survey: 7 out of 10 US healthcare firms have no cybersecurity insurance

Overall, the portion of US firms with cybersecurity insurance has improved, but a significant portion remain unprotected.
Written by Stephanie Condon, Senior Writer

A whopping 70 percent of healthcare firms in the US have no cybersecurity insurance, according to a new survey commissioned by the analytics firm FICO. While the healthcare sector is the most negligent in this area, according to the report, a significant portion of US firms overall don't have any cybersecurity insurance: 24 percent.

The new data follows a number of massive cyber breaches in recent years, such as the Equifax breach. Equifax spent a net $114 million in 2017 to cover the data breach expenses, including customer support and legal fees. However, $50 million of data breach costs were covered by insurance.

Meanwhile, the healthcare sector has suffered from a rise in cyber attacks in part because of its known vulnerabilities. According to figures in the McAfee Labs Threats Report for March 2018, 2017 saw a 211 percent increase in disclosed security incidents in healthcare compared with 2016.

While a quarter of US firms have no cybersecurity insurance, that number has improved dramatically from 2017, when FICO found that 50 percent had no coverage. Meanwhile, in 2018, only 32 percent of US firms said their cybersecurity insurance covers all risks.

Consultancy firm Ovum conducted the survey for FICO through telephone interviews with 500 senior executives from businesses in the UK, the US, Canada, Brazil, Mexico, Germany, India, Finland, Norway, Sweden and South Africa.

US firms surveyed had less coverage than those in Canada, the UK and India. In 2017, US companies had the lowest levels of cyber insurance coverage of all the countries surveyed.

Prior and related coverage:

Editorial standards