While rates in the cyber liability market have remained stable in 2024, cyber incidents and related claims continue to increase rapidly. In fact, the resulting annual costs from cybercrime incidents is on track to reach $9.5 trillion in 2024, according to Bluefin. This figure is anticipated to rise to $10.5 trillion by 2025. No industry or organization, be it a law firm, healthcare practice, bank, or any other entity, is immune from the threat of a cyberattack. In fact, even the largest, most reputable, well-secured organizations in their respective industries are at risk.
Personally Identifiable Information (PII) Breach
On February 21st, 2024, a breach occurred at UnitedHealth Group’s Change Healthcare, a critical part of the U.S. healthcare infrastructure processing 50% of all medical claims in the country for approximately 900,000 physicians, 33,000, 5,500 hospitals, and 600 laboratories. The breach was executed by Blackcat, a notorious ransomware group, who held the system for ransom.
It was reported that the threat actors gained access to 6TB of data, which included patient records, payment information, and much more. It took a full month for Change Healthcare to get their systems fully back online and running, and they ultimately paid the Blackcat group a $22 million ransom.
However, the expenses related to this event did not stop there; Forbes reported that the estimated cost for system restoration reached $600 million. This figure does not account for customer support breach costs, such as notifications, ID protection, credit monitoring, etc., or legal costs and fines/penalties. Change Healthcare’s CFO believes that by the end of the year the cyberattack will have cost the firm approximately between $2.3 billion and $2.45 billion.
Cyber Risks
Despite the heightened risk of cyberattacks, businesses of all sizes remain ill-prepared. Over 20% of businesses fail to implement even the simplest of cybersecurity measures such as firewalls, password hygiene, and system updates, making them prime targets for threat actors. Furthermore, a staggering number of businesses still do not purchase cyber liability insurance coverage at all. A study by Travelers states that 53% of small businesses, 18% of midsized businesses, and 17% of large businesses do not currently carry cyber coverage. So not only do they lack security on the front end in cyber incident prevention, but they also lack protection on the backend for if and when a breach does occur.
Cyber insurance is just one leg on the cyber security stool. Firms should also implement tools and procedures to mitigate loss. Many businesses have not even implemented firewall, antivirus software, data backups or Multi Factor Authentication. Further most firms don’t provide annual training to employees, yet it is proven that human error and employee mistakes result in 95% of all reported breaches.
The Sentinel Cyber Portal
Sentinel takes pride in our expertise in the cyber liability field. We will not only provide cybersecurity incident prevention education and best practices (see the Sentinel Cyber Portal), but we will also work to ensure you have adequate coverage should you fall victim to a cyber incident. Oftentimes it is not if, but when a claim will occur. Knowing you have the tools, protection, and support when it does occur is critical. Contact Sentinel today to learn more about Safeguarding Your Success.
