Health insurers are particularly attractive targets for cyberattacks as the magnitude of information stored about their clients is much more than that held by banks or credit card companies, according to an insight report from Timetric’s Insurance Intelligence Center.

The IIC report, The Future of Cyber Risk Insurance, explains that cyber risk encompasses damage caused by cyberattacks and any liability involving compromise of data integrity.

Security breaches are a type of cybercrime that can be the result of one or a combination of the following factors:

  • Security breaches through cyberattacks from external environment, such as cyber extortion or espionage, in order to gain access to an information system
  • Unintentional or accidental breach of security, such as information sent to the wrong email or loss of a laptop
  • Operational risks due to inappropriate security controls, making IT systems vulnerable

Cyber threat actors such as malicious insiders, hacktivists, nation states and organized cybercriminals continue to develop and advance their techniques to launch cyberattacks.

For example, the IIC report explains that 2.32m nationals were victims of medical theft identity in the US in 2014 – an increase of 21.7% in comparison to 1.84 million victims in 2013 – according to Fifth Annual Study on Medical Identity Theft by the Ponemon Institute.

Additionally, the digitalisation of records and use of wearable devices in health insurance to monitor the health of policyholders expands the insurer’s exposure to the cyber environment.

The cost to remediate the impact of data breach incidents is increasing along with the rise in the frequency and intensity of cyber incidents.

The average total cost of data breach globally increased from US$3.52 million in 2013 to US$3.79 million in 2014, according to 2015 Cost of Data Breach Study-Global Analysis by Ponemon Institute.