Earlier this year, we and the World Economic Forum published a report called “Risk and Responsibility in a Hyperconnected World.”
Our joint goal was to provide a fact-based assessment of the cyber risks institutions now face and their potential impact, a perspective on how the cybersecurity environment could evolve in the next five to seven years, and practical options for achieving cyber resiliency.
After interviewing executives at more than 200 enterprises, technology vendors, and public agencies, we uncovered three primary ways in which cybersecurity affects enterprises – and the healthcare industry, in particular:
1. Despite years of effort, and tens of billions of dollars spent annually, the global economy is still not sufficiently protected against cyberattacks, and the risk is getting worse. The potential impact is enormous: cyberattacks could materially slow the pace of technology and business innovation, with as much as $3 trillion in aggregate impact.
- Healthcare systems are rapidly digitizing their operations and services to meet patient needs, reduce costs, and increase competitiveness. A rise in cyberattacks could slow adoption of newer technologies ranging from electronic health records to more sophisticated medical devices and solutions (e.g., telemedicine, connected infusion pumps, and robotic surgery).
- A relatively high proportion of the healthcare executives we interviewed believe that the sophistication or pace of cyberattacks will increase quickly, and all of them agreed that attackers’ capabilities will likely outpace the capabilities of their organization.
2. CIOs and other enterprise technology executives agreed on seven practices they should put in place to improve their organization’s resilience in the face of cyberattacks; however, most gave their institutions low scores in making the required changes.
- The healthcare sector appears to be the most underdeveloped, with 56% of healthcare respondents believing that their company spends insufficiently on cybersecurity.
3. Given its cross-functional, high-stakes nature, cybersecurity is an issue requiring leadership at the CEO level; progress toward cyber resiliency can only be achieved with active engagement from the senior members of the management team.
- For healthcare institutions, the impact of data loss or compromised quality could be massive. Not only could it result in reputational damage and high costs (including HIPAA fines), but it could also effectively shut down the organization.
- Healthcare executives are more worried about insider/employee threats than are leaders in any other industry, with 41% of the healthcare executives rating those threats as one of the top two risks likely to have a strategic and negative impact on their bottom line.
- Given this level of concern, healthcare institutions have little choice but to embrace cybersecurity. The effort should be a company-wide initiative, not just a set of technical solutions (e.g., frontline personnel should be educated about the value of information assets).
The “action gap” is clear. We hope this research provides some additional fuel to help you outpace both your competitors and potential threats to cybersecurity.