Cyber security breaches are now considered as large a business threat as natural disasters, according to a report issued by the Ponemon Institute and Experian Data Breach.
In the cross-industry survey of 620 companies with 500 or more employees, healthcare organizations were especially likely to be focused on data breaches — 77 percent of healthcare respondents said cyber security risks were equal to or more important than other major business risks.
"I wasn't surprised by most of the survey results — just that first statistic" indicating cyber breaches are equated with fires and earthquakes in terms of potential damage for an organization, says Mike Bruemmer, vice president of Experian Data Breach Resolution.
The high level of concern over data breaches may not be unfounded. According to the survey, the average cost of a data breach is $188 for each lost or stolen record, and the average cost of a data breach across industries for a company with one or more incidents is $9.4 million. Of companies that had a breach within the past 24 months, 70 percent reported an increased interest in data breach prevention due to the often catastrophic results.
The increased concern about data breaches has "really put cyber insurance in primetime," says Mr. Bruemmer. While just a third of healthcare organizations reported currently having cyber insurance, 41 percent have plans to purchase cyber insurance in the future.
"We expect the number of healthcare organizations with cyber insurance to increase rapidly and keep increasing," says Mr. Bruemmer. A majority of healthcare respondents (70 percent) reported having gone through the initial stage of valuating the organization for a future insurance purchase.
The survey also found that cyber insurance tends to create satisfied customers — of those companies that currently have cyber insurance, the majority (62 percent) felt their premiums are reasonably priced, and 44 percent considered themselves extremely likely to recommend cyber insurance to others.
However, cyber insurance alone many not be enough to adequately protect a hospital or health system from the effects of a data breach. To combat the threat of a data breach, Mr. Bruemmer recommends going above and beyond the risk assessments required by HIPAA, and like natural disasters, a formal plan should be created and rehearsed. The plan should include "an appropriate delegated authority so there's just one person in charge of everything — a single throat to choke," says Mr. Bruemmer.
"It's also important to practice the plan, not just put it on a shelf," says Mr. Bruemmer. Running through the plans helps to identify bottlenecks or missed cues, he says. His company has fielded an increasing number of requests from clients to practice these plans, and he says the results are always beneficial. "We either found gaffes, or we found it runs smoothly," he says. "Either way, it's helpful."
More Articles on Cyber Security:
FDA Raises Medical Device Standards to Prevent Cybersecurity Breaches
FDA Shares Practices for Healthcare Providers to Beat Cyberattacks
Hospital Cyber Security: 10 Emergency Prevention Tips