Cyber Liability Insurance (Does Your Municipality Really Need It?)

Did you know that almost half of all ransomware attacks target municipalities? According to research by Barracuda Networks, 44% of global ransomware attacks in 2020 were aimed at municipalities.

Now you might be thinking that cyber attacks like these are only aimed at large municipalities, cities like Pittsburgh or Philadelphia. Not so!

In 2019, a hacker struck a smaller borough in Pennsylvania with ransomware, demanding $50,000 to restore their computers. Sadly, because their computers and information could not be restored through other means, the borough ended up paying the ransom. The population of this town – less than 1,500 people!

Along those same lines, on July 2, 2021, two small Maryland towns (North Beach, MD, population 2,600 and Leonardtown, MD, population 3,749) fell victim to a ransomware attack. This attack completely shut down their servers, preventing their employees from using any of their computers.

These hackers requested $45,000 per computer to restore files and give those boroughs access to their computers again. 

With the help of their IT firm, these small towns recovered their data and computer systems without paying the ransom. However, these boroughs could not use their computer systems for over a week! Absolutely crippling for any municipality!

And boroughs are not the only kinds of municipalities seeing an uptick in cyber crime. 

Cyber risk is now the number one threat to water authorities.  Early this year, a hacker tried to adjust the sodium hydroxide levels at a water authority in Florida. And since March 2021, three other water treatment facilities faced ransomware attacks as well. 

All public entities are at risk for a cyber attack.  

If your municipality has a website, email addresses, or uses the internet, you are vulnerable to a cyber attack. 

You don’t even need your own email server. A hacker can gain access to your computer and server through a Gmail account!

All this begs the question: What can you do to protect your entity in the case of a cyber attack?

As a seasoned insurance professional, I have worked with many municipalities to help them with their cyber risks. Typically, when I meet with a municipality about cyber protection, we start with these two topics:

  1. Understanding the potential impact of a cyber attack on their municipality
  2. Discussing how cyber liability insurance will offer financial protection to their municipality


#1 What is the potential impact of a cyber attack on our municipality?

Before jumping into how to protect your municipality, it’s important to understand the basics of the cybercrime problem today.

A cyber attack can happen through several different means, including:

  • Ransomware and malware attacks that install a harmful program on your computer or server
  • Data breaches that acquire personal or sensitive data through your borough’s server or computers
  • Phishing and whaling attacks that gain sensitive information from an unsuspecting employee
  • Social engineering where a hacker impersonates a borough employee to get information or money from a vendor, a contractor, or other individuals
  • Distributed Denial of Service (DDoS) attacks, which crash your server or system by overwhelming it with data


This is just the tip of the iceberg when it comes to cybercrime. Cybercriminals are becoming more and more advanced every day.

Recovering from a cyber attack can cost your public entity significant amounts of money. You may have to pay for:

  • Cyber forensics needed to determine the cause and scope of an attack
  • Fines for each record of compromised data lost in a data breach
  • Postage and mailing to individuals whose information has been compromised through a data breach
  • Legal fees incurred through litigation related to a data breach or phishing scheme
  • Ransom payments to a hacker to recover your data and unlock your computers
  • Damages to other people’s or businesses’ computers or any resulting expenses or lost revenue they encounter


At the same time, your municipality can become completely crippled while you wait for IT experts to get you up and running again!

And these attacks can be quite expensive – costing anywhere from $25,000 to millions of dollars. 

That’s the bad news! 

The good news is that you can financially protect your municipality by putting in place a solid cyber liability insurance product.


#2 What protection can Cyber Liability Insurance give our municipality?

When it comes to cyber protection, the first line of defense for every public entity is cyber liability insurance. 

Regardless of your size or technological abilities, any municipality that utilizes the internet or has a website or email addresses is open to a cyber attack. I cannot overstate this reality!

Cyber liability insurance provides financial protection if your entity falls prey to cybercrime. 

Depending on the policy that you purchase, you will have coverage for data breaches, legal fees, forensic fees, fraud, theft, loss of income, extortion, and even reputation management.

Difficulties Applying for Cyber Insurance

Completing a cyber insurance application can be a deterrent for many municipalities. Many questions on a cyber insurance application are very technical, with wording that many people just don’t understand. 

If your municipality has an IT team, you may need to have them help with filling out the cyber insurance application.  

If you do not have an IT team, you may get discouraged when filling out the application. The terminology can be challenging, and knowing where to find the information needed can be confusing.

This should not stop you from getting this essential coverage in place. Your insurance agent should have the resources needed to help you complete your application. It is your agent’s job to help you with this.

Another difficulty in applying for this coverage is limited availability. Not all insurance companies offer cyber insurance. Your municipality may need to acquire this product through a stand-alone policy.

Differences in Cyber Liability Products

As you begin looking for a solid cyber liability product, you need to know that not all cyber liability insurance is the same.

Many insurance companies will add cyber liability coverage to your general liability policy in the form of an endorsement or enhancement. 

While this does give some measure of protection, most insurance “add-ons” to your general liability policy will never have the same amount of protection as a stand-alone cyber liability policy.

As an “add-on,” you may find that your limits are not adequate or that there are exclusions to what your insurance company will cover. In this scenario, your coverages might be extremely limited. 

Purchasing a stand-alone policy is the best way to make sure you are adequately covered. Your insurance company may offer an additional stand-alone policy that you can buy. 

If your insurance company does not offer this product, there are many cyber insurance niche companies where you can apply for coverage.

The Importance of Sublimits

When you purchase a cyber liability policy, you will need to pay extra attention to your policy’s sublimits.

For example, your policy may have an aggregate limit of $1,000,000. However, you may find that the social engineering sublimit is set at $10,000.  The average cost of a social engineering attack is $130,000. 

A $10,000 sublimit will not give your borough the coverage you need for this kind of attack.

Another example would be your policy’s sublimit for extortion loss or ransom payment. Let’s say that your sublimit is set at $10,000. In 2021, the average cyber ransom demand is $300,000. 

A sublimit of $10,000 will not even scratch the surface!

Your insurance agent should make sure that your sublimits reflect your municipality’s level of cyber risk. When you meet with your agent to discuss your coverages, be sure to ask them about your policy’s sublimits.



Our municipality needs to get cyber liability coverage in place. What’s the next step?

If your municipality is currently unprotected when it comes to cyber liability insurance, it’s critical to get that ball rolling right away. 

Your insurance agent should be able to direct you to a product that will meet the unique needs of your municipality. 

If you are a Pennsylvanian municipality, our agency is ready to help you with your cyber liability policy. Our team has significant expertise in the area of cyber liability. 

We also have a great deal of experience working with municipalities – servicing all kinds of public entities since 1880. 

At Baily Insurance, we partner with top-rated insurance companies that specialize in municipality and cyber insurance. We can thoroughly assess your municipality’s risk – cyber and otherwise – and customize your insurance to meet your needs.

We also help our clients take measures to prevent cyber attacks. We believe cyber preparedness is essential to a successful insurance program.

If you have additional questions about your municipality’s insurance program, please let us know by filling out the form below. Or if you have other questions about this important topic, drop us a line so we can address it with a future article.

