top of page

More US cities invest in cyber insurance, but costs are rising

Updated: Dec 20, 2022

In a new survey, 59 percent of local government technology leaders say their cybersecurity budget increased this year, but 58 percent say it is still not enough to support security and cloud initiatives.

In the research from the Public Technology Institute (PTI), part of the Computing Technology Industry Association (CompTIA), only 27 percent of respondents said their local leaders were “very engaged” with cyber policies, while 51 percent said they were “somewhat engaged” and 22 percent said leaders were not engaged at all.

“Cybersecurity is critical to all organizations and especially to local governments,” said Dr Alan Shark, Executive Director of PTI. “The results of this year’s survey show that local technology leaders continue to struggle with budgets and with bringing more local officials into the decision-making process when it comes to cybersecurity programs.”

Cyber insurance

Ninety percent of respondents state that their organization has cyber insurance, up from 78 percent in 2020. They reported that cyber insurance policies are increasing in complexity, with more stringent procedures to adhere to. This could be why only 23 percent of IT executives say that they are completely familiar with their insurance policy requirements and procedures to immediately follow in the event of a breach or incident. Sixty-nine percent said that their cyber insurance premiums have increased since the last renewal date.

Darryl Polk Director of Innovation and Technology City of Rancho Cucamonga, California, is quoted in the report as saying: “Cyber insurance has become a critical layer of our cybersecurity strategy, but like any tool it’s important we know how to use it. It’s important that IT and city leadership understands exactly what the mechanics of their policies are before an incident if they want to get the full value out of it.”


Fifty-five percent of respondents said their organization now has a Chief Information Security Officer (CISO) responsible for cybersecurity, up from 53 percent last year. Nineteen percent who responded to this question stated that they serve dual roles: CIO and CISO. This is particularly true in many smaller local governments with limited staffing and resources.

The report notes, though, that a dedicated resource is becoming increasingly necessary: “Over the past several years the demands for greater high-level cyber planning and coordination has become a full-time responsibility unto itself.”

Eight in ten local IT leaders said they have a government-wide cybersecurity policy that sets rules for employee behavior and 73 percent have reviewed or revised policies in the past 12 months.

Several ransomware attacks have wreaked havoc on city systems in the US and elsewhere already, shutting down essential public services and costing millions of dollars. There is also growing concern about the emergence of attacks that could target physical infrastructure.

Have something to say about this article? Let us know!

43 views0 comments


bottom of page