Economics of Cyber Policies for Critical Care

Published by the UC Berkely Center for Long-Term Cybersecurity

A report from the UC Berkeley Center for Long-Term Cybersecurity explores how cyber insurance policies impact hospital preparedness and investment. Authored by Aden Klein, Premier’s Legislative and Policy Analyst, the paper leverages data from a survey of 116 Premier member hospitals across ten health systems to assess cyber insurance coverage levels, costs and adoption of cybersecurity best practices.

Key findings of the survey reveal that:

• Smaller hospitals pay disproportionately higher premiums per bed
  • Premiums ranged from $75,000 to $3.2 million, with an average premium of $676 per bed. Average premiums were:
    • $818 for health systems with fewer than 1000 beds
    • $369 for systems with 1000 to 2000 beds
    • $645 for systems with over 2000 beds
• Caps on insured losses were below $40 million for 80 percent of respondents, indicating that current loss caps for most systems fall short of covering the costs of widespread, long-lasting attacks.
• Most systems invest in cyber hygiene to qualify for insurance, with most respondents increasing cybersecurity budgets, hiring or elevating cybersecurity personnel, or implementing best-practice cybersecurity standards and controls.

To address these gaps, the author recommends policy solutions such as a federal cyber insurance backstop and pooled insurance programs. These models could redistribute risk, lower premiums and incentivize stronger cybersecurity practices across the sector.

Ultimately, aligning incentives and expanding access to affordable coverage could help healthcare providers build resilience against escalating cyber threats.