Nationally local governments are seeing rates rise and coverage fall for cyber-related insurance.
Across the United States, local governments are seeing providers of cyber insurance raise rates and lower coverage. In Missouri, one provider slashed coverage from $1 million to $250,000 and increased the premium from $5000 to $25000. Maryland’s own Local Government Insurance Trust, which offers coverage to both counties and municipalities, saw their costs rise 300%. All over, insurance costs are rising due to the proliferation of cybercrime.
Cybercrime is not new to Maryland. In the past decade, there have been several significant cases of local governments being attacked, the most infamous of which was an attack on Baltimore City in 2019. As the threat of these attacks becomes more present, more local governments are turning to these insurance policies. One survey found 90% of local governments had some policy insuring them against a cyber attack.
Insurance providers, seeing both an increase in attacks and demand, have begun to become more strigent to who they offer policies to and on what terms. Many providers are requiring local governments to mandate cyber security trainings, enhance security protocols, update software and/or equipment, as well as posssibly soon requiring security audits.
If a local government can get a policy, it is probably more expensive then in previous years and has less coverage. Should there be a cyber attack, many policies will now only cover the cost of recovery and not the cost of ransom. This new change is in line with recommendations from the FBI which warn payouts encourage further attacks.
While the path ahead is uncertain, there is a silverlining. Increased awareness and stricter requirements by insurance providers will push many local governments to act; hopefully spuring new measures of protection and preventing future attacks.