In today’s digitized world, no sector is safe from the worrying rise in cybercrime. Research from CrowdStrike found that 78% of companies were targeted by a ransomware attack in the past year, with IBM finding that ransomware costs for incidents disclosed by attackers sit at over $5 million.
And while cyber-attacks affect every industry, the nature of the exposure varies significantly from sector to sector. Healthcare organizations must protect sensitive patient records and maintain operational continuity, while manufacturers face risks tied to operational technology and supply chain disruption.
Retailers handle large volumes of customer payment data, making them prime targets for breaches, whilst financial institutions face intense regulatory scrutiny alongside the threat of sophisticated cybercrime.
In a recent interview with Insurance Business, Spencer Timmel, head of cyber insurance at Safety National, revealed that in the face of such differing cyber challenges, coverage has evolved to adapt to each sector’s individual needs.
“The public sector is at significant risk from a cybersecurity standpoint,” Timmel told IB. “Municipalities, schools and similar public entities do not have the funds that private companies typically have. From that standpoint, they rely on legacy systems with sometimes outdated security tools and are therefore more vulnerable to cybersecurity threats – ransomware, improper disclosure of data and similar risks.”
Healthcare is another key area here, too. As Timmel told IB, the leading risk is centered around protected health information and the ability to treat patients.
“Many of the largest claims are tied to ransomware targeting clinical systems or events that directly impact patient care,” added Timmel. “If systems go down and hospitals are forced to shut down emergency rooms or divert patients to competing facilities, they lose the ability to deliver care.”
From a hospital perspective, patient care is always top of mind – however, there’s also the potential of major liabilities if people don’t receive the care they need or if outcomes worsen due to a cyberattack. As Timmel told IB, in healthcare, the impact may be both clinical and financial. In many other industries, losses are primarily financial, but healthcare introduces a much higher level of risk, which is why threat actors often target healthcare entities.
“They know organizations are more likely to pay ransom demands when patient care is involved,” added Timmel.
In manufacturing, the focus shifts from traditional IT environments to operational technology (OT), including systems in warehouses, industrial control systems and production environments. Here, cyber incidents can shut down production lines, damage equipment, or disrupt global distribution – all of which carry major financial consequences.
“Customer expectations have changed dramatically over the last five years. We expect products to be on our doorstep within a couple of days…and sometimes within hours,” said Timmel. “Any disruption in the supply chain can have a tremendous impact on an organization’s reputation. And the reputational risk is certainly something that we don't want to overlook.”
Customers may opt to purchase from a competitor due to a delay caused by a cyber incident and may not return. And this is exactly what Timmel believes makes cybersecurity critical for protecting both operations and reputation.
In retail, as Timmel told IB, key risks include improper data collection, payment card data exposure and consumer privacy issues. While point-of-sale breaches have become less common, disruptions to e-commerce platforms can still be highly damaging. And, once again, if a retailer cannot sell products online, the financial and reputational impact can be significant.
Another growing issue Timmel pinpointed in retail is improper data collection, particularly related to pixel tracking technologies. These tools collect user information, often tied to IP addresses, for marketing purposes, but are not always properly disclosed – which in turn has led to a rise in privacy-related class actions, especially in the United States under wiretapping and similar legislation. And these claims are increasing rapidly.
“In financial services, the primary concern is [the movement] of money,” added Timmel. “Threat actors often target wire transfers, attempting to redirect funds. [Additionally], this sector is highly regulated, which brings increased regulatory oversight, fines and penalties – there’s a lot more class actions as a result of violating certain regulations too.”
When it comes to healthcare coverage specifically, there are generally two major areas of concern. The first is the improper disclosure of data – where insurers have developed strong solutions to handle regulatory investigations, violations (such as HIPAA), and associated liabilities.
The second area is operational disruption, particularly clinical downtime. In ransomware situations, the focus is on restoring systems quickly, facilitating ransom payments where necessary and addressing business interruption. As such, coverage has evolved to include contingent business interruption – where losses occur due to outages at third-party providers. For example, as Timmel told IB, if a key medical device supplier or electronic medical records provider experiences a disruption, it can directly impact a hospital’s ability to operate and generate revenue.
And this theory was made into a reality recently when medical device maker Stryker Corp was hit by a cyber-attack. The hack, which allegedly managed to wipe thousands of employee devices, is still under investigation – with the US government urging companies to secure their internal tools.
In manufacturing, one major concern is reliance on a single supplier. If a critical component is sourced from only one provider and that provider is disrupted, it can halt production – and this risk is greater in highly technical or specialized manufacturing environments where components are harder to replace. This concept, often referred to as a “single point of failure”, applies across industries. Whether it’s a hospital relying on one electronic medical records provider or a manufacturer depending on a single chip supplier, these dependencies are key considerations in both risk management and underwriting.
In retail, beyond operational disruption, reputational risk is especially significant. As Timmel told IB, negative media coverage following a cyber incident can have lasting effects, particularly in an industry with already thin margins.
“At Safety National, we’ve always taken a highly tailored approach,” he explained. “That really is fundamental to Safety National, not only our cyber product but all of our other lines of business. We began 85 years ago with one product – excess workers’ compensation. Now we work with large organizations, tailoring our products specifically to their needs.
“There are a lot of insurance companies out there that want to underwrite everything – that's not us. We want to take a tailored approach to the programs that we put together for our customers, and we want to get to know our customers as their businesses change. At Safety National, we’re focused on companies with revenues of $500 million if not more than a billion dollars a year.”
And equally important at Safety National is that element of quick response. As Timmel told IB, when a client has an unexpected event, it’s all about honing how quickly Safety National’s team can respond to them.
“A lot of that centers around our incident response vendors being proactive – they both respond as well as provide education here. At Safety National, we’re doing a lot of this in the public entity space nowadays. At the end of the day, we’re excellent at the risk transfer piece – but we really want to improve our insurance ability to prevent and respond to cyberattacks.”
This article was created in partnership with Safety National.