Cyber Insurance is Tough for Local Governments

Ransomware attacks are on the rise in the United States and local counties are scrambling to keep their cyber systems insured. For those who lack cyber protection, the price can be both costly and time-consuming.

During the 2019 Baltimore Ransomware Attack, the city of Baltimore was targeted by a variant of ransomware called Robbinhood. As a result, the majority of the city’s essential servers were immediately shut down. In order to reverse the damage, hackers demanded 13 bitcoin – roughly $76,000. If the city failed to pay the ransom, the amount would increase, as would the intensity of the shutdown.

Ultimately, the city refused to pay the ransom and the total cost of the attack far exceeded the initial amount requested by the hackers. Throughout the event, the city struggled to maintain its systems. The Real Estate Accounting and Services Division was heavily impacted as it housed systems for tax collection, title fees, and even water bills. It is estimated that Baltimore lost more than $8.2 million in revenue from this division alone. The total price of the attack was more than $18 million.

While costly, the Baltimore incident is not anomalous. According to Brett Callow, a threat analyst at Emsisoft, there were more than 150 cyber attacks on local municipalities, school districts and universities in 2021.

As the threat of cyber attack against counties has never been greater, insurance companies are making it clear that insureds need to take action if they wish to remain covered. Gone are the days when a county could merely answer a few questions to receive cyber insurance. Today, insurance carriers require an in-depth and bottom up understanding of a county’s security practices and protocols.

While the majority of insureds recognize the need to secure their own systems, many are finding it difficult to keep up. As technology advances, some local governments are becoming increasingly stretched for resources. In smaller towns, there may simply not be enough employees involved to dedicate time to cyber security. In the event that a county is denied access to cyber insurance, there is no clear path to get protected.

Tim Oliver, the Chief Information Officer of Horry County, South Carolina has firsthand experience with this stressful process. His county, which is home to roughly 365,000 people, was 2 months away from losing access to its cyber policy. In his case, he had to round up the resources necessary to strengthen his county’s cyber practices such that they would satisfy their insurance company. Luckily, his county has over 3,000 employees, making it possible (though unremittingly stressful) to meet the standards of their cyber liability carrier.

Smaller communities do not have the same luck, which is forcing them to get creative. When denied access to a cyber security policy, the standard reaction is to simply hope for the best. The challenge is that, at this point, many county officials are aware that cyber security is a real threat with legitimate and everlasting consequences.

In order to combat their vulnerabilities, some uninsured cities are creating their own cyber security insurance policies. In effect, this means that officials are setting aside money in the event that a ransomware attack or data breach affects their city directly. While this does not tighten up cybersecurity loopholes, it does provide a sense of preparedness should an attack occur.

The good news is that local governments are beginning to take ownership of their security policies. Moving forward, insurance brokers can help these cities become more proactive in covering up their vulnerabilities by educating them on the steps they must take in order to qualify for a cyber policy

Not sure where to start? One great way organizations can prepare for the next big cyber security attack is by checking out our Cyber Security Marketplace.

Limit AI is here to revolutionize your workflow.

Limit has built the State of the Art AI for insurance. Limit AI will summarize and compare your quotes, run your surplus lines taxes and fee calculations, identify coverage deficiencies, and do what you need to get your job done. Limit AI is extremely well-versed in all lines of P&C and highly skilled at analyzing your policies & quotes.

Our AI Assistant is built on Limit’s years of expertise as a commercial insurance wholesaler with hands on experience in all lines of P&C. Limit AI answers questions, drafts emails, and compares quotes & policies with substantially more rigor and attention to nuance than any other competitive AI product today.

Ready to get started? Join the waitlist by visiting limit.com/ai or email us at contact@limit.com.