Cyber security stakes are high.
A recent court case in California, in which a healthcare provider had a data breach and filed a claim with its insurance company only to have the claim denied, is underscoring the critical need for businesses to invest in cybersecurity.
In an article in “The Security Ledger,” a cybersecurity news website, the California healthcare provider had a data breach affecting nearly 33,000 patients. The company’s insurance provider is denying the claim on the grounds of lax security practices, according to The Security Ledger.
The insurer alleges the healthcare provider failed to install encryption and other security measures to prevent patient information from being easily compromised on the Internet, according to The Security Ledger.
The compromised data from a four-year period included the names, addresses and dates of birth of patients, as well as medical information such as the diagnosis of their health issues, results from lab tests and the corrective procedures that were performed, according to the article.
Whether or not what’s happening with this case in California — the denial of an insurance claim due to lax cybersecurity — becomes a nationwide trend remains to be seen.
But business owners should take note because the healthcare company is looking to be reimbursed $4 million for the data breach loss and the insurance carrier is seeking reimbursement of anything it pays out, according to the article. There’s a lot of money at stake, not to mention the reputation of the healthcare company and its future viability
The cyber insurance market for businesses is booming, growing at a rate of 38 percent annually, according to the AON Global Risk Insight Platform.
Sera-Brynn helps business owners and executives in selecting insurance policies with adequate coverage, or write their own policy. We identify premiums with inadequate coverage, such as ones that may try to exclude breaches from malware or ones that preclude inclusion of patents and trade secrets, often a prime target for cyber thieves.
But clearly it’s not enough to just have cyber insurance.
From compliance, to knowing what information to protect, to employee training on identifying cyber attack risks and even incident response plans in the event of data breaches – it’s all vital.