Safeguarding our future: Cyber insurance in the public sector

According to IBM, the average cost of a data breach in the U.S. is $9.44 million.

While private sector cyberattacks certainly make the news, the public relations fallout of a public sector hack can be incredibly damaging and costly to a local government or school district’s reputation and bottom line. Credit: Oleksii/Adobe Stock

In an era where information is the new currency, the vulnerability of schools and municipalities to cyberthreats cannot be overstated. We entrust our children’s personal data, such as sensitive health information, to their schools, while also providing our personal information, sometimes including social security numbers, to our local governments. This has turned schools and governments into a treasure trove, making them lucrative targets for cybercriminals, the impacts of which can have long-lasting effects on the lives of stakeholders, including schoolchildren and taxpayers.

A cybercriminal can hold a school district or local government hostage with the threat of a computer virus, crippling daily activities. We should trust that these institutions have robust cybersecurity protocols in place. But, what happens when those protocols fail? Enter cyber liability insurance.

According to IBM, the average cost of a data breach in the U.S. is a whopping $9.44 million, but the cost to insure against the fallout is just a fraction of that. Policy cost depends on several factors, including the size of the entity, the type of coverage needed, and the level of risk. That said, cyber insurance costs have increased dramatically over the past few years — as much as 61%.

With great power comes great responsibility. I personally wouldn’t sit on a school board or local government council without having a cyber liability policy and proper cybersecurity measures in place. While private sector cyberattacks certainly make the news, the public relations fallout of a public sector hack can be incredibly damaging and costly to a local government or school district’s reputation and bottom line.

Cyber coverage terms vary by policy and insurance carrier. In general, however, the policies are designed to help cover the costs associated with recovering from a cyber incident and the harm caused to both the policyholder’s business and their customers. Examples include general business interruption, data recovery and restoration, compliance fines, public-relations efforts, extortion and ransomware costs, settlement costs and other legal fees.

Schools and municipalities shouldn’t assume their general liability policies will cover them in the event of a hack.

Cyber insurance is a specialized form of insurance, designed specifically for the unique risks affiliated with cyberattacks and data breaches. Typically, this kind of comprehensive coverage is not automatically included in general liability. Some general liability policies may offer cyber coverage, but it’s often very limited and won’t sufficiently cover the high costs associated with a cyber incident. Securing a standalone cyber policy or adding the proper endorsements to an existing policy is best.

A specialist broker will know what policy forms are better than others — what policy forms, for example, are sub-limiting ransomware coverage liability and which are giving you the full limit of liability. Specialist brokers do thorough policy comparisons on every risk and show our retail partners exactly what their insured is purchasing, along with how to explain it.

Deborah “Deb” Dioguardi of Jencap Group. Credit: Courtesy photo

Of course, the first step to avoiding a cyber hack is to mitigate risk, so I would strongly suggest schools and municipalities conduct a cyber risk assessment to identify potential threats and vulnerabilities to their organization’s systems and data. Once they have an idea of your most critical risks, they can begin the work of prioritizing and addressing those weak points through improved cybersecurity controls. For instance: establishing company-wide policies, conducting employee training, setting up firewalls, installing encryption software, and implementing intrusion detection systems.

By investing in cyber liability insurance and implementing robust security measures, schools and municipalities not only mitigate risks, but they demonstrate dedication to the communities they serve. Students, their parents and taxpayers deserve nothing less.

Deborah “Deb” Dioguardi is national practice leader, professional lines, at Jencap, Inc.

Related: