Giving Compass' Take:

 According to a survey from an analytics firm, FICO, 70 percent of healthcare organizations have no cyber insurance which is a surprising amount after the many healthcare data breaches and ransomware attacks. 

• Ransomware attacks are very expensive to handle and are an additional concern besides the threat of information-sharing. Why don't more healthcare organizations invest in cyber insurance?

• Read about the ways in which philanthropists can build more capacity for digital security in civil society. 

Given the proliferation and cost of healthcare data breaches and ransomware attacks, it is surprising that 70 percent of healthcare organizations have no cyber insurance, according to a survey of security executives by Ovum for analytics firm FICO.

This compares with only 24 percent of US firms across industries not having cyber insurance coverage, down significantly from 50 percent in 2017.  “It's is great to see that progress is being made but still surprising, that nearly a quarter of US firms surveyed have no cybersecurity insurance coverage,” said FICO vice president for cybersecurity solutions Doug Clare.

“Given the number of large-scale and very public breaches in recent years, it's not surprising that we've seen a big increase in US organizations investing in it over the past 12 months, but there's still some way to go. As the insurance market matures and the litigation and fines increase we expect more firms will also go beyond basic coverage to seek insurance that is more comprehensive.”

The survey also found that only 32 percent of US firms said their cybersecurity insurance covers all risks, and only 26 percent said their insurer based their premiums on an accurate analysis of their risk profile.

“It could also show that these companies have a current security posture that insurers are not prepared to cover comprehensively. We should not detract from the positive news here; 76 percent of US organizations have elevated the importance of cybersecurity to a level that requires insuring, even if only partially,” she added.

In addition to data breaches, ransomware attacks can be costly for healthcare organizations. In fact, more than one-quarter of cyber insurance claims received by insurance giant AIG last year were the result of ransomware attacks, the largest percentage of any cyber attack type.

Read the full article about cyber security at healthcare organizations by Fred Donovan at SmartBrief