Do therapists need cyber insurance?

The demand for the services of therapists has never been greater in the UK, and your time is precious. So, we’ll keep this short and sweet; therapists should consider taking out cyber insurance. Here’s why.

Therapists are a lucrative target for cyber-criminals

Cyber-criminals have long enjoyed targeting the UK healthcare sector with social engineering scams. Healthcare businesses are lucrative for criminals due to the sensitive data they hold and lack of cyber-security awareness demonstrated by healthcare workers. Just one click on a phishing email scam can expose a system to attack, often for monetary gain in the form of ransom payments or fraud.¹ The average cost of a breach (with an outcome) in micro and small businesses is £8,170.²

The pandemic has made healthcare even more vulnerable to attack

With the world in flux, cyber-criminals took the opportunity to up the ante in their attacks on the healthcare sector. The Cyber Security Breaches Survey of 2021 suggests that the risk of attack is higher than ever, phishing attacks have risen from 72% to 83% between 2017 ‒ 2021. Among those businesses that have identified breaches or attacks, around a quarter experience them at least once per week.³

Your mistakes could result in data breach

Human error is the leading cause of data breach⁴, and people make a variety of mistakes that put an organisation’s data or systems at risk. You can be as vigilant as can be – but a slip-up can be costly. Some examples include:

• emailing documents with sensitive data by mistake
• sending sensitive data to the incorrect recipient via email
• accidentally publishing confidential information on public websites
• falling for a phishing email scam and clicking malicious links
• failing to maintain software causing vulnerabilities for hackers to exploit.

Businesses like yours are being aggressively targeted

There are bigger businesses out there, holding sensitive information that criminals could extort for more money. So why target your small therapy practice?

Recent surveys show medium to large businesses are more likely to take action to mitigate the risk and impact of a cyber-attack.

• Medium and large businesses are more likely to educate staff on cyber-security and teach them to be vigilant
• Small businesses are less likely to receive external support with their cyber-security
• The person responsible for cyber-security in a small business is usually someone outside of IT like the Director. Whereas in medium or large businesses this person is more likely to have an IT background.⁵

Improve your approach to cyber-security

No matter the size of your therapy business, take time to review your cyber-security policy, considering both preventative measures and how you’ll respond to an attack or breach. Insurers expect to see:

• risk management assessments, internal audits
• technical controls
• training and awareness initiatives
• governance approaches and policies.

Should the worst happen, cyber insurance helps by:

• Taking action
  As soon as you register an incident, the cyber policy reacts covering your liabilities on media, data security, viruses and hacking.
• Rectification
  It’s not just your liabilities that are covered. Customer notifications, credit monitoring and legal fees are also included.
• Repairing the damage
  Forensics identify root causes, and PR consultants can also be called in to mitigate damage to your brand.

Speak to the Oxygen team today about cyber insurance to help mitigate risk in your therapy business, and round off your cyber-security strategy.

Call them on 0330 1289 437 or request a call back at a time that suits you.

^Sources:

<sup>1. Infusetech.co.uk
2. Gov.uk/cyber-security-breaches-survey-2021
3. Gov.uk/cyber-security-breaches-survey-2021
4. Infosecurity Magazine
5. Gov.uk/cyber-security-breaches-survey-2021</sup>