Coming soon: Lower cyber insurance costs for better HIT defense
A new program will offer preferred terms and conditions from cyber insurers to healthcare organizations and vendors who are or become certified under the HITRUST Common Security Framework (CSF), a platform that supports numerous stakeholder security initiatives.
HITRUST, an industry-supported collaborative, has worked with Willis Towers Watson, an insurance brokerage firm, to educate cyber insurers on how CSF lowers risk and supports the cyber risk underwriting process.
Cyber insurer Allied World is the first company to offer preferred terms and conditions for CSF-certified entities, and at least two others should be on board by June, says Daniel Nutkis, CEO at HITRUST. Each insurer will determine its own preferred terms and conditions.
Under the program, Willis and HITRUST will work with interested insurers to explain the CSF program and how to assess risk levels and write policies so that cyber insurance premiums and benefits are commensurate with the risk, according to Nutkis. CSF certification could bring a reduction in premiums of as much as 30 percent, along with higher coverage limits, he adds.
Even organizations that are not fully CSF-certified, perhaps because of not achieving one or two security controls, would be considered to have “effective controls” and could have a lower level of preferred terms and conditions until fully certified, depending on the policies of various insurers, Nutkis says.
Cyber insurance, he adds, is quickly become must-have protection within the healthcare industry. “This is another validation that the CSF is an effective tool for security information for risk management.”