It’s rare for a week to pass without a cyber incident hitting the headlines. One week in July, one of the two Singaporean government health databases was breached with 1.5 million patient names and addresses being compromised.
The hackers infected a SingHealth computer with malware granting access to the database’s contents. No medical records are thought to have been stolen, but the event again highlighted that even well-resourced government organizations are not immune to cyber-attacks.
The healthcare sector, with a huge concentration of personally identifiable information, is a prized target for cyber criminals. Unlike credit card data, which can be destroyed and reissued, healthcare data belongs to an individual for life – you can’t change your blood type! On average it remains by far the most valuable data type to steal due to its’ resalable value on the black market. It is therefore of little surprise that the BBC reported, “The data of Prime Minister Lee Hsien Loong, including information on his outpatient dispensed medicines, was specifically and repeatedly targeted.”
Over the past three years, the number of JLT clients purchasing cyber insurance protection has more than doubled and average policy limits, amongst our top five clients, have increased from USD 5million to USD 15million in Singapore. So what has prompted this explosive growth in an industry where traditional classes of insurance grow on average at 3-4% in a good year?
Today, most sustainable organisations are built around reliance on technology and the ability to harvest, analyse and securely retain data. Cyber insurance has evolved to provide effective cover for these two main risk areas: nonphysical damage business interruption and data privacy and security. Taking Friday’s incident as an example, a well drafted policy would have provided indemnification for the following:
- Crisis response costs, including a breach coach to coordinate the full suite of services required from forensic investigators, lawyers and PR consultants
- The costs incurred by the organisation to notify affected individuals
- The costs to comply with any regulatory investigation
- The legal defence and damage costs incurred in the event of action being brought against the organisation
- The costs to reconstitute or repair any deleted or damaged data.
Cyber insurance remains a relatively new product and the lack of true industry wide expertise in this area has often led to client confusion and scepticism in the product. At JLT we have positioned ourselves as thought leaders in this area, constantly innovating with new covers and structuring some of the most complex insurance programmes in the region.
Download Cyber Decoder
For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on firstname.lastname@example.org.