Attendees to the 2016 MACo Summer Conference learned about the legal steps counties should take to protect themselves and their citizens to data breaches, hacking attacks, and ransomware demands at the “Attorneys in the Matrix: Legal Best Practices Against Black Hat Threats” panel on August 18.

Ballard Spahr Counsel Kim Phan discussed the top 10 things a county needs to do in response to a cyber attack. Phan stressed that a county’s response in the first 72 hours was critical. She also stated that the average cost of a breach is $4 million over two years.

Local Government Insurance Trust (LGIT) Director of Underwriting Scott Soderstrom discussed cyber attack insurance policies, noting that such policies began to be issued in 2000 but are still a new and evolving product. He discussed the types of cyber coverages and offered some pre-loss best practices (such as data encryption, formal password protection policy, periodic security assessments, etc.)

Finally, Maryland Air National Guard Lt. Colonel Jori Robinson discussed the types and sources of cyber threats, noting there has been a 391% increase in malicious applications since 2013. She noted many of these applications have begun to focus on governments, academia, and critical infrastructure. She also stressed the resources available to counties who have suffered a cyber attack, including the Department of Defense, the Department of Homeland Security and the Department of Justice/Federal Bureau of Investigation. She noted that Maryland was unique in that it has a wide range of army and air national guard resources available to assist counties, including the 175th Cyber Operations Group.

Maryland Senator Wayne Norman moderated the panel.