There’s More to it Than Just Getting Insurance to Protect from Ransomware AttacksawsDONOTREMOVE
Many local governments are dealing with increased threat of ransomware hacking attacks. To deal with this they have now started carrying cyber security insurance in order to stop their damages in case a city’s online computer facilities are taken over by hackers.
However, experts have warned that if they order just basic policies these local governments defense measures might not have the required level of security. Additionally, local governments can become an attractive target for hackers, whenever insurance companies pay ransoms.
Larger cities may go with more customized plans. The city of Houston paid over $500,000 for a plan costing $30M in 2018. It would cover cyber security breaches to emergency responses and losses linked to a cyber attack. However, many smaller towns use pooled plans for insurance coverage. These are offered by many associations operating in this sector.
Maryland municipalities, receives $1M in cyber insurance coverage which opt for plans from the LGIT, an association that offers pooled insurance policies. It is offered by the LGIT’s standard package. This has been a good cost-effective solution for over 190 government organizations and entities that get their insurance from this trust. This trust has received only 5 cyber security-linked claims in the last 5 years. The most expensive claim had only cost $67,000.
Some members of city council in Baltimore started considering an increased level of coverage when a ransomware attack cost the administration over $18M in total damages. Baltimore did not have a cyber security insurance policy at the time of the attack and had refused to give in to the ransom demands.
In 2017 Forty-four percent of all local governments claimed that they had cyber security insurance. Coverage levels differed widely among the participants with over thirty-six percent reporting moderate insurance coverage and ten percent reporting complete coverage.
Some standard cyber security insurance provides credit monitoring expenses in case private data/information is stolen. Cost related to crisis management services, data breach responses, and for the restoration of files corrupted during ransomware attacks are covered as well. Some policies may also provide coverage for any business/revenue that was lost. For example, loss of money due to hacked computer systems may be covered by insurance policies.
However, Shark has warned local government officials to remain aware of the caps applicable to insurance policy coverage amounts. He also warned potential policy buyers to be aware of coverage gaps. For instance, certain clauses could be included, which could block coverage in case local governments have been found guilty of being negligent or careless in their cyber security practices.
The FBI doesn’t recommend paying ransoms. They fear it may provide a lucrative and alluring enterprise to many other cyber criminals. It does recommend that cyber attack victims report hacking incidents to authorities. Over 200 mayors signed a resolution last summer, agreeing not to pay ransoms.
Although risks may be slowed by having cyber insurance, Shark warned that insurance coverage wouldn’t prevent ransomware attempts.