The healthcare industry faces cybersecurity challenges, with approximately 133 million data breaches reported in 2023 alone.
This surge in attacks has caused cyber insurers to reevaluate their risk models and underwriting processes, and has led to increased requirements for healthcare organizations seeking coverage.
Christopher Henderson, senior director of threat protection at Huntress, a cybersecurity company that supports internal and external IT teams, explains the unique nature of cyber insurance: “Fires aren’t actively looking for better ways to burn down your house.
“With cyber insurance, you’re fighting an adversary that can develop and pivot faster than your insurance can expire.”
Evolving Insurance Requirements
Cyber insurers are increasingly relying on past breaches, incident response firms, and both open-source and closed-source threat intelligence to update risk models and identify effective controls.
Christopher points out: “Cyber insurers want to ensure that IT help desks have documented procedures and policies for verifying that people calling to reset passwords, set up multi-factor authentication, etc. are who they say they are.”
These new requirements reflect a growing trend of intrusions being initiated through social engineering attacks against IT teams to obtain administrative credentials.
But as threats evolve, Christopher expects insurance requirements to become more stringent: “We may see insurers demanding third-party audits before finalizing a policy.”