In light of recent upticks in payouts – particularly around ransomware – cyber insurers are better understanding the risk and are adjusting rates accordingly.
It’s simple cause and effect; more cybercrime focused on hospitals, pharmaceutical companies and other organizations in the healthcare sector results in an increase in the number of successful ransomware attacks, data theft and fraud costing millions, which then causes a spike in the number of cyber insurance claims, finally making insurers take notice and modify the way they issue policies to minimize their risk.
In a recent article, David Basham, a broker for cyber insurer Willis Towers Watson spoke about the current rise in cyber insurance premiums due to the massive number of increased cyber attacks in the healthcare sector.
To counter this, cyber insurers are making changes to how they issue policies. For example, underwriters are now requiring healthcare providers to prove they’re improving the protection of their networks, hardware and data. In addition, some cyber insurers are choosing to exclude coverage of specific costs, set higher deductibles and require providers to pay steep co-insurance fees.
According to Basham, “over 60% of the incidents we see are attributable to someone clicking on something they shouldn’t have, or losing something they shouldn’t have, ” noting that “the majority of cases are still related to that human element.”
Phishing remains the number one threat action in data breaches and continues to run neck-and-neck with remote desktop access as the primary initial attack vector in ransomware attacks.
The fix is easy; enroll employees in continual Security Awareness Training. Employees can be taught what to look for in a phishing attack, how to avoid becoming a victim and how their actions help to reduce the organization’s cyber risk. This training also helps to satisfy the underwriter’s need to see your organization putting proper protective measures in place, which only helps to lower your cyber insurance costs.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
