Municipalities – One of the Toughest Classes of Business to Secure Cyber Insurance
July first is known as one the busiest times of the year for municipal cyber insurance. Here at Founders Professional, we are seeing an influx in cyber submissions for this class. Municipalities and other government entities remain one of the toughest classes of business for carriers to underwrite.
Let’s explore several factors that contribute to making it a tough risk to write for cyber carriers as well as viable information to consider.
Vulnerabilities:
• Governments usually possess thousands of pieces of personally identifiable information about their citizens. This makes them an attractive target for hackers and state sponsored organizations that want to inflict harm.
• Municipalities have diverse interconnected systems. A police department could be on a different system than the risk management department within a local government. The interconnected systems give more access points for hackers to target.
• Municipalities are not able to move or adapt as quickly as the private sector. The bureaucratic process and budget restrictions can leave their systems outdated.
• Governments have many employees and individuals that have access to sensitive information. The sheer volume of government employees makes them susceptible to a cyber incident.
• Municipalities are beginning to increase their security awareness and training. They still lag far behind the private sector in cyber training.
While the frequency and severity of claims vary greatly among municipalities, there are consistent cyber incidents that we often see for this class of business.
Common Claim Triggers:
• Data Breaches – As previously mentioned, governments collect a large amount of personally identifiable information. Data breach costs alone can be well over six figures. The biggest driver of these costs are breach notification, forensic investigation, and data restoration.
• Ransomware – We have seen several large municipalities across the United States fall victim to ransomware incidents over the past few years. In some incidents, municipalities’ entire systems have been compromised or shut down. Costs associated with a ransomware include the ransom payment, system restoration, business interruption, and data recovery.
• Social Engineering/ Phishing- Since municipalities have many employees and contractors, the human element makes them extremely vulnerable to social engineering or phishing attacks. Bad actors will trick or deceive an employee and trigger significant financial loss. One of the most common claims we see for social engineering is wire transfer/ funds transfer fraud. Once the funds are gone it is often hard to recover them.
It is important to know that not all cyber policies are created equal. There are still a few carriers that are writing municipal risks below market value. While some carriers may offer a below market value price, they may have exclusions for common claims triggers. It is imperative to partner with a broker like Founders Professional that has a comprehensive understanding of the coverages and exclusions.
About the Author
Kevin Merchant focuses daily on assisting retail insurance agents find solutions for their hard-to-place professional liability, management liability and cyber liability insurance risks. Kevin is based out of Tampa, FL and can be reached directly at [email protected].