As cyber hackers prey on municipalities, breaching networks and infecting them with ransomware or stealing data, some cities have decided to take matters into their own hands and protect themselves. The Houston Chronicle recently reported that Houston’s city council has agreed to spend $471,000 on cyber insurance, joining Dallas as another major municipality in the state that now has coverage for technological risks.
More organizations are becoming targets of cyberattacks – Argo Group’s cyber insurance survey found that 64% of brokers reported their SME clients suffered an increase in security breaches in the past year – and public entities are no different. The insurance industry is responding to the threats facing cities and towns by offering solutions that fit their needs and budgets.
“The marketplace has structured policies that fit that market segment,” said Thom Rickert, vice president and emerging risks specialist of Trident Public Risk Solutions. “They offer lower limits – $500,000 or $1 million – covering the basic exposures of first party damage, a sublimit for ransomware – maybe $25,000 to $100,000 – and at least third party or personal identifiable information limits between $500,000 and $1 million. Deductibles are fairly low – between $5,000 and $10,000 for that type of risk.”
The biggest issue with getting public bodies up to speed with effective cyber measures is the disparity in infrastructure across departments.
“Different departments may be on different platforms, using different software. Some may be using off premises storage facilities or cloud software, others may be using local servers, so that infrastructure makes it difficult for them to have a unified vantage point,” said Rickert. “Many communities now are looking at that – how do we unify our systems or get some consistency in our systems?”
With budgets often too limited to bring on IT professionals, municipalities tend to rely more on service providers, such as their insurance agents, to help them access certain resources. Meanwhile, a lack of training around what cyber threats look like continues to be an issue, leading employees to be manipulated by phishing emails.
The time for mitigation is now as cyber risks spread – today, not even your neighborhood library is safe from a cyberattack.
“There are no safe places. It’s been across the board, and it’s been continued ransomware attacks for these communities because the perpetrators want to collect something,” said Rickert.
“They’re not million dollar demands – they’re $5,000, $8,000, $23,000. It’s a diminutive amount, but nobody wants to get in the habit of paying that. Some communities have chosen to make the payment in order to keep their systems from going down. That’s still the most frequent type [of attack] and it goes across the different segments, whether it’s a special district, a county, a police department.”
