Cyber Insurance is Tough for Local Governments

Ransomware attacks are on the rise in the United States and local counties are scrambling to keep their cyber systems insured. For those who lack cyber protection, the price can be both costly and time-consuming.

During the 2019 Baltimore Ransomware Attack, the city of Baltimore was targeted by a variant of ransomware called Robbinhood. As a result, the majority of the city’s essential servers were immediately shut down. In order to reverse the damage, hackers demanded 13 bitcoin – roughly $76,000. If the city failed to pay the ransom, the amount would increase, as would the intensity of the shutdown.

Ultimately, the city refused to pay the ransom and the total cost of the attack far exceeded the initial amount requested by the hackers. Throughout the event, the city struggled to maintain its systems. The Real Estate Accounting and Services Division was heavily impacted as it housed systems for tax collection, title fees, and even water bills. It is estimated that Baltimore lost more than $8.2 million in revenue from this division alone. The total price of the attack was more than $18 million.

While costly, the Baltimore incident is not anomalous. According to Brett Callow, a threat analyst at Emsisoft, there were more than 150 cyber attacks on local municipalities, school districts and universities in 2021.

As the threat of cyber attack against counties has never been greater, insurance companies are making it clear that insureds need to take action if they wish to remain covered. Gone are the days when a county could merely answer a few questions to receive cyber insurance. Today, insurance carriers require an in-depth and bottom up understanding of a county’s security practices and protocols.

While the majority of insureds recognize the need to secure their own systems, many are finding it difficult to keep up. As technology advances, some local governments are becoming increasingly stretched for resources. In smaller towns, there may simply not be enough employees involved to dedicate time to cyber security. In the event that a county is denied access to cyber insurance, there is no clear path to get protected.

Tim Oliver, the Chief Information Officer of Horry County, South Carolina has firsthand experience with this stressful process. His county, which is home to roughly 365,000 people, was 2 months away from losing access to its cyber policy. In his case, he had to round up the resources necessary to strengthen his county’s cyber practices such that they would satisfy their insurance company. Luckily, his county has over 3,000 employees, making it possible (though unremittingly stressful) to meet the standards of their cyber liability carrier.

Smaller communities do not have the same luck, which is forcing them to get creative. When denied access to a cyber security policy, the standard reaction is to simply hope for the best. The challenge is that, at this point, many county officials are aware that cyber security is a real threat with legitimate and everlasting consequences.

In order to combat their vulnerabilities, some uninsured cities are creating their own cyber security insurance policies. In effect, this means that officials are setting aside money in the event that a ransomware attack or data breach affects their city directly. While this does not tighten up cybersecurity loopholes, it does provide a sense of preparedness should an attack occur.

The good news is that local governments are beginning to take ownership of their security policies. Moving forward, insurance brokers can help these cities become more proactive in covering up their vulnerabilities by educating them on the steps they must take in order to qualify for a cyber policy

Not sure where to start? One great way organizations can prepare for the next big cyber security attack is by checking out our Cyber Security Marketplace.

The Limit Perspective

Limit is a digitally-native wholesale insurance broker working on behalf of retailers in multiple lines of insurance and across the United States. Our platform allows clients to:

  • Obtain instant quotes from top cyber insurers
  • Find up to $3M in Insurance coverage automatically
  • Receive a plan with customizable and comprehensive coverage
  • 24/7 support

Limit is building a lean, tech-enabled business that can efficiently deliver insurance policies which are tailored to the needs of individual clients. We have taken some of the first steps to revolutionizing the industry and welcome you to learn more on our website: https://www.limit.com

Please reach out and connect with us and our representatives on LinkedIn as well.

More from this Author