A majority of companies, including healthcare organizations, now rank cybersecurity risks as greater than natural disasters, fires and other major business risks, according to a new survey by the Ponemon Institute.
In a previous study, Ponemon put the average cost of a data breach at $188 for each lost or stolen record.
Looking at healthcare in particular, it reported that 94 percent of the 80 participating healthcare organizations experienced at least one data breach that they were aware of in the previous two years, and that such breaches cost organizations a total of $6.78 billion annually.
Among the new survey findings:
- Protecting against the financial impact of cyber security risks ranks as high as or higher than other insurable risks.
- Responsibility for managing that risk is moving outside the IT department, with risk management or compliance officers more likely to manage that.
- Most companies either have cyber security insurance or are considering adoption. Thirty percent of respondents notetheir company has no interest in purchasing a policy at this time.
Healthcare and pharmaceuticals represented the third-largest industry segment polled.
Jared Rhoads, lead author and senior research specialist for a report from CSC's Global Institute for Emerging Healthcare Practices, previously recommended taking a holistic approach to managing the risk posed by cyber criminals.
Privacy experts speaking at the Healthcare Privacy Summit earlier this summer said healthcare organizations tend to be too reactive in their approach to health data security.
But the industry is waking up to the risk. A new survey of the cyber security workforce by the public-private partnership Semper Secure just found healthcare the fourth-largest employer of cyber professionals after government, manufacturing and defense/aerospace.