Here are the five key takeaways from the study Holding Healthcare to Ransom by Marsh & McLennan Companies Asia Pacific Risk Center.
1. Healthcare is among the industries most vulnerable to cyberattacks. There have been more high-profile attacks in the past few years in the healthcare industry than in others, and the sector will likely remain one of the most targeted given its sensitive data.
2. Business interruptions and the leak of customer information are the most critical cyber loss scenarios for the healthcare industry. Breaches can have major implications beyond financial losses – they can result in shutdowns and interruptions and impact the well-being of patients.
3. The healthcare industry incurs one of the highest financial costs in the face of a cyberattack. Among cyber threats, financially motivated threat actors, including internal parties, are the biggest concern for healthcare organizations. As shown by the results of the Marsh-Microsoft Global Cyber Risk Perception Survey 2017, more than 70 percent of respondents from the healthcare industry expect that a cyber breach could cost them more than USD1 million per case, as compared to a cross-industry average of 65 percent (1).
4. Proactive measures are needed to increase the visibility of cyber risk issues within healthcare organizations and to make cyber risk management a responsibility shared across the firm. While the risks are real and have been recognized by the industry, many healthcare organizations have yet to set up and implement a holistic framework, governance, and adequate Board oversight.
5. This paper highlights some examples of best practices across industries in cyber risk management, and several key areas for healthcare organizations to start focusing on, such as preparedness, prevention, detection, response, and recovery, including the use of cyber risk insurance as a risk-transfer tool.
(1) Marsh & Microsoft, Feb 2018. By the Numbers: Global Cyber Risk Perception Survey