The latest WTW claims data, insights from WTW Directors’ & Officers’ research, along with our specialist perspective, show the continuing importance of health and social care organisations enhancing cyber resilience.
Digital technologies including artificial intelligence (AI) technologies can improve efficiencies and outcomes for health and social care providers and users. However, they also pose increased cyber risks. Attackers are quick to evolve their techniques to exploit potential vulnerabilities as technology and risk profiles develop.
To help you stay ahead of the changing cyber risk landscape, we are sharing insights from WTW claims and research below. These perspectives highlight the increased pressure that healthcare providers are currently facing. Additionally, we examine recent cyber incidents within health and social care to support your understanding of the sector’s specific vulnerabilities, while also offering practical guidance to strengthen your cyber resilience. Lastly, we share the latest takeaways from the 2024 WTW directors’ and officers’ research, emphasising the vital role of senior leaders in protecting organisations from cyberattacks.
Our recent proprietary cyber claims data across all industries between 2012 and 2024 shows that healthcare remains the number one sector for the volume of cyber notifications. Additionally, the average claims cost is notable at £1.269m, with the largest claim reaching over £53 million. Without full insurance indemnification, providers would have to self-fund the significant financial impact of these cyber losses, potentially affecting their ability to fund and deliver frontline services.
Cyber notification by industry
Source: WTW proprietary cyber claims data from 2012 to 2024 - based on 3,750 claims globally of which healthcare comprises 700 notifications
A recent report by security specialists KnowBe4, titled "Rising Threat Of Malware Attacks In Ireland And United Kingdom Healthcare Sectors," states that U.K. healthcare organisations experienced a 74% increase in cyberattacks in 2022 compared with 2021.
WTW data shows that the primary drivers of claim costs are disruptions to care delivery and ransomware attacks. In these attacks, cybercriminals either block access to systems or encrypt data, demanding a ransom for release, decryption, or halting data publication. Ransomware attacks are closely followed by credit monitoring/ID protection as the second-highest driver of claims cost, resulting from data/privacy breaches.
Healthcare cost types incurred claims:
Source: WTW proprietary cyber claims data from 2012 to 2024 - based on 3,750 claims globally of which healthcare comprises 700 notifications
WTW's proprietary claims data reveals numerous noteworthy cyberattacks affecting health and social care organisations, each resulting in significant financial losses.
The above examples show how health and social care providers are vulnerable to outside threats, leading to disruption and expense. They emphasise the need for risk prevention measures like avoiding data breaches, securing effective insurance, and having strong plans for responding to incidents, all to improve cyber resilience.
Ransomware, now with double extortion (where attackers demand money to prevent them from leaking stolen data, as well as the ransom to decrypt files), is still a major worry. This was highlighted by the 2022 LockBit 3.0 malware ransomware attack, which crippled NHS 111 services, with the system infection arriving via a third-party vendor.
According to the U.K. Government’s 2022 Cyber Security Breaches Survey, the most common type of breach and attack is phishing – staff receiving fraudulent emails or being directed to fraudulent websites. This is followed, to a much lesser extent, by impersonation-where others impersonate organisations in emails or online-and then viruses or other malware.
This reminds us of how crucial it is for staff to stay vigilant. Most cyber attackers rely on social engineering techniques to breach an organisation's network, which could result in ransomware or double-extortion attacks.
The increasing use of AI and other digital technologies by health and social care providers will continue to create challenges for the sector to understand and manage. In its Cyber Strategy to 2030, the U.K. Government recognises "the importance of technology and data to effective care provision and cyber security as an essential enable of care assuring the safety of patients and service users." It also recognises the significance of health and social care providers being ready to handle, respond to, and bounce back swiftly from cyberattacks and security breaches to maintain uninterrupted care. The government suggests five pillars to cyber resilience:
The Government's strategy directs health and social care providers toward the National Cyber Security Centre's (NCSC) standard, the Cyber Assessment Framework (CAF), for critical national infrastructure. It suggests four key objectives:
To effectively manage cyber risk, it's crucial to shift away from siloed perspectives and instead broaden your view to integrate cyber risk into your organisation's overall risk management frameworks. This entails integrating cyber risk into your incident response, business continuity and disaster recovery plans.
To ensure your organisation's cyber resilience and to adopt a sufficiently comprehensive view of cyber risk, you need to be able to answer the following questions:
You can take a robust approach to managing residual risk by:
Having a clear, updated, and tested incident response plan is critical for effectively managing cyber risk. Collaborating with cross-functional stakeholders, you should develop an understanding of your critical business processes and the underlying systems and data they depend on. You'll then be able to align your incident response, including crisis management, business continuity, and disaster recovery policies under a single, effective strategy that moves beyond siloed approaches.
An effective incident response plan will include:
Cyber extortion, data loss, and cyberattacks continue to be ranked as the top three risks facing directors and officers in WTW's Global Directors' and Officers' Liability Survey Report 2024.
Cyber risks are always changing. According to the latest report from the National Cyber Security Centre (NCSC), cyber attackers are starting to use artificial intelligence (AI) tools in their operations, especially in reconnaissance and social engineering. They argue that this integration will make attacks stronger and harder to spot, possibly making it easier for inexperienced criminals to get involved and adding to the global ransomware problem.
This concerning trend puts more pressure on health and social care providers. They must put in place strong cybersecurity measures and respond quickly and effectively to attacks. Cyber risk goes hand in hand with the number four concern of survey respondents – data loss – a big issue for health and social care providers. Since the GDPR has been active for some time, providers have seen hefty fines issued by data protection authorities after breaches. The law is still evolving regarding claims from data subjects. Moreover, the costs directly associated with breaches can be substantial and there's a risk to reputation.
The WTW Global Directors' and Officers' Liability Survey Report highlights the value of effective cyber risk management leadership tactics, such as:
The report also highlights how cyber insurance remains a key part of organisations' cyber risk management plans, helping businesses mitigate the financial impact of cyberattacks and providing access to resources and expertise to help prevent and respond to cyber incidents.
For smarter ways to manage cyber risk and build cyber resilience tailored to the health and social care sector, get in touch.
