Cyber ​​security spending will likely continue to take over the IT budget next year as threats become more sophisticated, according to a Nov. 13 report from Moody’s.

“The increasing digitization of the sector means that risk mitigation strategies will remain a priority, requiring continued investment in cyber security,” according to the report. “Healthcare provider spending on cybersecurity management will continue to grow, with cyber spending as a percentage of total technology budgets increasing to approximately 7 percent in 2023, from 5 percent in 2019.”

Here are four takeaways from the report:

1. Multi-factor authentication and a strong incident response plan will be critical to protecting data and continuing offline operations if an attack occurs.

2. Use of third party software providers for clinical, operational and revenue cycle functions adds risk; after the attack on Change Healthcare in early 2024, health systems had to employ alternative sources of liquidity.

3. Health systems with greater cash reserves are in a better position to navigate potential disruptions to clinical care and operations due to a cyberattack.

4. Moody’s expects hospitals to continue to purchase cyber insurance at a high rate as the number of lawsuits and class action claims increases. But trends in the size and volume of ransomware attacks may mean cyber insurance products are less profitable.

“The resulting effect includes insurers imposing more stringent terms and conditions and increasing premiums, which will further increase costs,” the report said.