New industry-specific attacks are threatening law firms and hospitals. Insurers can help, but they need to address basic issues related to risk, coverage and pricing.

In my last post I contrasted global insured losses from natural and man-made disasters in 2015 ($37 billion, according to Swiss Re) with the estimated $445 billion in annual losses from cyber-crime of all types.

As cyber-crime evolves, companies in some industries are displaying particular vulnerabilities to certain types of cyber incursions.   Systems at several big law firms have recently been hacked, for example, and The Wall Street Journal reported that federal investigators are looking into whether the hackers intended to steal information for insider trading.  Law firms possess high-value information, including trade secrets and pending transactions, and it is not clear how sophisticated their cyber defenses might be.

In February 2016, Southern California’s Hollywood Presbyterian Medical Center paid a $17,000 ransom to a hacker who seized control of the hospital’s computer systems and would return access only when the money was paid.  The hospital paid the ransom – using Bitcoin, which is essentially untraceable – and stated that paying the ransom was the fastest and most efficient way “to restore our systems and administrative functions.”  The Los Angeles Times noted that, while so-called ransomware attacks are still relatively rare, hospitals (and the patient records they hold) are prime targets for hackers. In 2015, for example, hackers are believed to have accessed as many 4.5 million patient records in the UCLA Health System’s computer network.

Law firms and hospitals are just two examples of businesses that find themselves exposed to new risks due to cyber-crime.  From a strategic standpoint, insurers need to make good decisions about what kinds of coverage to offer and what kind of expertise is needed to help clients in these and other industries evaluate risk, improve cyber defenses and adopt appropriate remediation procedures.  Underwriting and risk management issues in this area are complex and unresolved, but the opportunity for companies with “first mover” advantage is enormous.

To learn more read:

Making your Enterprise Cyber Resilient

Business resilience in the face of cyber risk

Submit a Comment

Your email address will not be published. Required fields are marked *