According to global cybersecurity advisory firm Herjavec Group, the healthcare industry is projected to invest as much as $125 billion into cybersecurity between 2020 and 2025. Experts say the increased cybersecurity spending is in response to the alarming growth of cyber criminals who are taking advantage of an unusual moment in time—a time when healthcare companies are so much more vulnerable to a breach because they are directing a lot of focus on the coronavirus pandemic and increasing their reliance on remote communication and telemedicine technology.
In an environment of increasingly narrowed profit margins within the healthcare industry, chief information security officers and other C-suite leaders may be left wondering if these billions of dollars are worth the investment. To help answer this question, let's see how the cost of data security stacks up against the cost of a security breach.
Investing in Data Security Strategies for Healthcare Companies: What to Expect
A recent report from IBM Security found that the healthcare industry has the highest average cost associated with data security breaches, with an average breach costing just over $7.1 million. In comparison, healthcare organizations can expect to spend less than this on implementing appropriate cybersecurity measures, including:
The exact costs of these strategies depend on the size of an organization, the type of data being stored, and other factors. But cybersecurity experts and investigations generally agree that investing in these technologies and services can pay dividends for a healthcare organization by increasing efficiency and workflow, avoiding security threats, preserving patient privacy, and ultimately establishing their brand as forward-thinking, innovative, and trustworthy.
It's also worth noting that having an appropriate cybersecurity plan in place could even minimize the costs of a breach in the event that one does eventually occur. An example: one academic medical center, University of California Irvine Health, avoided having to pay any fines associated with a 2017 data security breach because they were able to show they had an appropriate remediation plan and were able to execute it effectively.
Incredibly, it's been found that just 5 percent of the average hospital's IT budget is allocated to cybersecurity measures—a paltry figure given that more than 8 out of 10 hospitals report significant cybersecurity incidents. As a benchmark comparison, a recent survey by Deloitte and the Financial Services Information Sharing and Analysis Center determined that the typical financial firm allocates 10 percent of their IT budget to cybersecurity measures. This is double what's typically spent in the healthcare industry and equivalent to around $1,300 to $3,000 per full-time employee.
Fortunately, it seems as if more healthcare leaders are paying attention to the growing trends. According to Becker's Healthcare, nearly 40 percent of healthcare organizations increased cybersecurity spending between 2017 and 2018.
The Bottom Line
It costs less to prevent cybersecurity attacks than it does to correct them once they happen—especially when you include the direct and indirect costs of security breaches, including legal and restitution fees, lost productivity, and decreased public trust and brand reputation.