According to a recent report by Deloitte, local governments have become primary targets for ransomware attacks in recent years.
Cyber attacks on municipalities were rising at an alarming rate even before the pandemic. KnowB4, a security awareness training company, reports that known attacks on local governments rose by 58.5% from 2018 to 2019. Malicious activity skyrocketed from there in 2020 as hackers found ways to exploit the conditions created by the COVID-19 pandemic, especially with the sudden growth in teleworking.
Cybersecurity researchers have seen attacks on local governments rise as much as 667% in just the first few months of the COVID-19 outbreak.
Surprisingly, many of the cyber attacks on municipal governments aren’t complicated and could be avoided through simple steps such as password hygiene, user education, and two-factor authentication. A cyber risk assessment and insurance coverage are key in preparing local governments against cyber threats.
The Cost for Local Governments
Ransomware attacks cripple a network’s key functions as the hacker exhorts a ransom while holding government data hostage. Because these hacks often compromise thousands of personal data entries, many local governments have opted to pay the ransom rather than leave their citizens in danger. The average downtime resulting from a ransomware attack is 9.5 days, during which necessary services and vital information cannot operate.
Once an attack occurs and a ransom is demanded, there is no escaping the fiscal cost of the incident. Either the city or state must pay the ransom or the cost of recovery. For example, when a Georgia city was hit in 2018, attackers demanded $55,000 in Bitcoin. The city decided not to pay the ransom but ended up shelling out $17 million in recovery costs.
This is an extensive amount of financial damages for a simple human error.
What Does Cyber Insurance Bring to the Table?
Given the extreme vulnerability of cyber security in municipalities, it’s clear that additional protection is needed. Getting cyber insurance will not only provide fiscal coverage in the event of a cyber incident, but can also help improve cyber readiness overall. Here are four major benefits of having cyber insurance:
- Evaluation
To be eligible for a cyber policy, organizations must answer a series of questions and in some cases, have their network scanned. This process allows cyber insurers to evaluate the level of risk for a cyber attack. The benefit of this evaluation is that it can help alert organizations about how to improve key aspects of their cyber security infrastructure. - Risk Management Practice
Based on the above evaluation, local governments will have enough information to perform a risk assessment. Understanding weaknesses will allow for better risk management practice in the future. This includes documentation of cyber risk and compensating controls, recovery measures, and creating an incident response plan. Having an incident response plan at the ready can reduce losses by hundreds of thousands, if not millions, of dollars in the event of a breach. - Transfer of Financial Risk
Cyber liability insurance provides fiscal security to state and local governments by transferring the risk to an insurance company. Most cyber policies include both first and third-party coverage, which typically pays for costs associated with damaged/lost electronic data, loss of income, cyber extortion, reputational damage, media liability, and regulatory proceedings. In many cases, cyber insurance will also cover the cost of a ransom payment.
Partner with ProWriters for Cyber Coverage
City and local governments stand to gain a great deal from cyber coverage as attacks continue to rise throughout the United States and the world. Our Cyber IQ Comparative Rate Platform allows brokers and agents to access a platform where policies from different carriers can be compared in minutes. Because cyber coverage varies depending on the unique factors of each organization, using our comparative platform is the best way to find the most targeted coverage.
Based on the results of a cyber evaluation and other factors, a cyber plan can include support services as well as financial coverage. For example, a plan may include domain monitoring and network threat detection, which improves a local government’s ability to detect and defend against attacks.
To learn more about how to explain cyber risk management to your government clients, download our free infographic here: Cyber Risk Management 101.
To speak with an expert at ProWriters, we invite you to schedule a call today!