Resources & Insights

Average Healthcare Cyberattack Recovery Cost: $1.4 Million

February 12, 2019

What a difference a year makes, and when it comes to cybersecurity, we don’t mean in a good way. Consider some of the findings of a newly released survey:

It's critical that healthcare organizations incorporate better cybersecurity into their business plans, including protecting themselves with a cyber policy.
CCIG’s Jeff Parent.
  • The recovery costs attributable to a cyberattack increased a staggering 52% to $1.1 million between 2017 and 2018. It’s even higher in healthcare, climbing to $1.4 million.
  • Ninety-three percent of companies and organizations surveyed experienced a cyberattack in the past 12 months; only 7 percent claimed not to have experienced an attack.
  • Cyberattacks were a weekly occurrence for one-third of the entities.
  • Cyber-ransom continued to be the leading motivation of hackers and was the reason for 51% of the attacks.

There’s more, but you get the point: the survey from the cybersecurity software people at Radware – based on responses of nearly 800 organizations around the world – is as grim as it gets.

Government entities were hit most frequently, on a daily or weekly basis, it said, followed by healthcare and retail operations. One-quarter of service providers were attacked daily.

Also, healthcare institutions, pharmaceutical operations, medical insurance firms, labs and physicians are becoming more popular targets for attackers, it said. The value of medical records on the darknet is higher than that of passwords and credit cards.

It’s a 64-page report but if there’s just one Radware recommendation that you will want to note, it’s this:

“It is critical for organizations to incorporate cybersecurity into their long-term growth plans. Securing digital assets can no longer be delegated solely to the IT department. Rather, security planning needs to be infused into new product and service offerings, security, development plans and new business initiatives. The CEO and executive team need to lead the way in setting the tone and investing in securing their customers’ experience.”

So, assuming you follow that advice, what items will you want the C-Suite to explore?

Well, among other items, you shouldn’t be surprised to hear us suggest that a cyber insurance policy ought to be part of your risk management plans.

Cyber insurance obviously can’t protect your organization from cybercrime, but it can keep your business on stable financial footing should a significant security breach occur. Here are some of the more common expenses that a cyber policy will cover:

Investigation: Targets of a cyberattack (in healthcare or any other industry) typically need to spend money not only to fortify their systems but in determining what exactly happened and how to repair the damage. A cyber policy will reimburse you for the services of a third-party security firm.

Business losses: A cyber insurance policy may include losses experienced by network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage. Here, too, a cyber policy can help.

Privacy and notification: This includes required data breach notifications to customers and other affected parties, which are mandated by law in most states, and credit monitoring for customers whose information was or may have been breached.

Lawsuits and extortion: This includes legal expenses arising from the release of confidential information and intellectual property, legal settlements and regulatory fines. This may also include the costs of cyber extortion, such as from ransomware.

There’s more to be said about cyber policies, but know that, like any business insurance coverage, cyber policies will vary from insurer to insurer. Feel free to reach out to me to help you sift through the process. Either way, any organization (healthcare or otherwise) that stores and maintains patient or customer information or collects online payment information should consider adding cyber insurance to its budget.

Jeff Parent is an Insurance Advisor at CCIG. Reach him at or at 720-330-7918.

CCIG is a Denver-area insurance brokerage with the full-service capabilities of a national brokerage. We do more than make sure you have the right policy. We also help you manage your long-term cost of risk with our risk and claims management expertise and a commitment to service excellence.


Share this:
Back to Resources

Contact Us

Call us at 303-799-0110 or reach out by filling out a short form.

Get In Touch