Insurance Qualifications May Prove Daunting for Local Governments
Local governments with limited resources may find it increasingly difficult to buy cyber insurance. In a recent GCN webinar, Dallas CISO Brian Gardner said that insurance providers ask governments to submit detailed responses to questionnaires about their capabilities. They may also ask about intangible factors such as technical debt, added Rita Reynolds, CIO of the National Association of Counties.
Legacy systems carry a significant amount of technical debt, which includes the cost of additional work required to enable those systems to operate in modern environments. Technical debt only increases in the face of cybersecurity workforce shortages. A New York City utility, for example, has 14 different legacy SCADA systems that it depends upon to operate its systems through different parts and pieces. How does the agency really know what’s in its environment? How has it arrayed its resources around protecting those assets?
In 2021, American International Group, a large cyber insurance provider, raised its rates 40 percent globally. It also bolstered its requirements for obtaining cyber insurance. According to a report by the Pew Charitable Trusts, Horry County, S.C., saw its cyber insurance premium rise from $70,000 in 2021 to $210,000 in 2022.
LEARN ABOUT: Why strong asset management is a must for successful continuous monitoring.
Build a Cybersecurity Strategy with a Comprehensive Approach
CDW•G has developed a full-stack approach to cybersecurity capabilities, including ransomware mitigation and data protection. We call this approach SPEAR.
Here is how SPEAR breaks down:
- Scan for risk. Assessments evaluate an agency’s overall security posture.
- Prepare for the worst. Calculated solutions and services help governments avoid, transfer or mitigate risk.
- Expose the threat. Targeted solutions and services expose the active attack in the public sector environment.
- Assess the response. A dedicated team partners with an agency to contain and eradicate an attack.
- Recover and remediate. Services and playbooks help IT leaders quickly restore operational capability and remediate any system impact.
Ransomware, of course, remains a particularly dire threat against state and local government systems, which often do not patch or update software as quickly as in the private sector. In addition, ransomware dramatically shuts down government services, making its presence felt promptly among citizens trying to conduct business and agencies striving to serve them.
State and local governments can cover their bases by turning to a qualified managed service provider with a comprehensive approach to establishing and maintaining cyberdefenses.
This article is part of StateTech’s CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.
