Public entities have been, without a doubt, among the most active sectors for privacy and security incidents in 2019.
In recent years, hackers have adopted ransomware attacks as a preferred extortion method, especially among municipal entities, according to Newsweek magazine. By planting malicious code inside agencies' information systems, digital intruders are able to exploit relatively unsophisticated or out-of-date cyber defenses and inhibit computer access, the magazine said.
Targeted ransomware attacks have been on the rise, taking ransom demands much, much higher than in the past. Often times, the perpetrators are inside the networks (as opposed to random malware attacks from outside, hoping someone will click on a link to download malware) and they are often encrypting not only the servers, but the backups as well.
In November, a school district in New Jersey had its servers hacked by an outside entity and infected with ransomware, with the superintendent noting the issue could take weeks to resolve.
Also last year, a staggering 22 local governments in Texas fell victim to a “coordinated ransomware attack of unprecedented size,” according to Insurance Journal. Authorities believe a single source is behind all of the attacks.
It’s not just small municipalities either. Large entities, even with more resources and presumably more layers of security available, aren’t immune. One major U.S. city suffered a ransomware attack last May, estimated to cost more than $18 million. Four months later, only 65% of city employees had “regained the ability to use their computer and send and receive emails” with 95% of employees expected to be operational shortly thereafter. Ongoing issues remain.
Another major U.S. city saw its computer systems crippled by a cyber attack at the tail end of 2019, disastrous timing with property tax deadlines looming at the end of January. The good news here is that three weeks later, with the efforts of the city and 75 state and federal partners, the systems are close to back up and running. The bad news? The effort has cost $1.5 million thus far, a number expected to rise. The city is now planning to increase their insurance coverage in 2020.
Just this month we received a notice of claim on a ransomware event experienced by a small school district in a midwestern state. The initial demand was the equivalent to $2,000,000 in bitcoin and legal and forensics costs are expected to climb north of $150,000. The district carries a cyber insurance policy with a limit of $1,000,000, having made the decision to forego the offer for higher limits at policy inception. The forensic team provided by the school district’s cyber insurance policy was able to negotiate the ransom down to $550,000, so hopes are that this event will fall within the limits carried by the insured.
We have also seen a rise in vendor events that have the potential to affect more than one member of a public entity insurance pool simultaneously. For instance, there was a recent data breach of a software platform used by multiple school districts within a certain geographic footprint. The schools are all a part of the same cyber insurance policy. Because the source of the breach is the same provider, most insurance policies would consider this a single event, therefore subject to one shared sublimit of insurance among all affected. But since RPS manuscripts our programs to tailor coverage specifically for our public entity clients, each affected member of the pool will enjoy their own limit of insurance, subject to the overall policy aggregate–not one smaller sublimit shared by all.
As is common with all insurance, higher claims frequency and severity among a common sector can have an effect on underwriting, capacity and pricing. We have seen this with some of our recent renewals and expect the trend to continue as these events become more frequent and highly publicized. RPS is well equipped to respond to the ever-changing cyber insurance landscape with access to many markets and a large team of professionals with experience in crafting custom coverage solutions in this dynamic area of risk.