Compliance

More US Cities Invest in Cyber Insurance, But Costs Are Rising

September 27, 2022

A new survey from the Public Technology Institute (PTI), part of the Computing Technology Industry Association (CompTIA), reveals that local governments are investing more in cybersecurity, but many still feel underfunded and underprepared.

Fifty-nine percent of local government technology leaders report that their cybersecurity budget increased this year. However, 58% say those budgets are still not sufficient to support security and cloud initiatives. On leadership engagement, only 27% of respondents said their local leaders were "very engaged" with cyber policies, while 51% said they were "somewhat engaged" and 22% reported that leaders were not engaged at all.

"Cybersecurity is critical to all organizations and especially to local governments," said Dr. Alan Shark, Executive Director of PTI. "The results of this year's survey show that local technology leaders continue to struggle with budgets and with bringing more local officials into the decision-making process when it comes to cybersecurity programs."

Cyber Insurance Adoption Is Growing, but So Are Costs.

Ninety percent of respondents report that their organization now has cyber insurance, up from 78% in 2020. However, policies are becoming more complex, with more stringent procedures required of covered organizations. This complexity may explain why only 23% of IT executives say they are completely familiar with their insurance policy requirements and the steps to follow immediately in the event of a breach. Sixty-nine percent reported that their cyber insurance premiums have increased since their last renewal.

Darryl Polk, Director of Innovation and Technology for the City of Rancho Cucamonga, California, offered this perspective: "Cyber insurance has become a critical layer of our cybersecurity strategy, but like any tool it is important we know how to use it. It is important that IT and city leadership understand exactly what the mechanics of their policies are before an incident if they want to get the full value out of it."

Staffing and Policy.

Fifty-five percent of respondents report that their organization now has a Chief Information Security Officer (CISO) responsible for cybersecurity, up from 53% the prior year. Nineteen percent of those who responded said they serve in dual roles as both CIO and CISO, which is particularly common in smaller local governments with limited staffing. The report notes that a dedicated security resource is becoming increasingly necessary as the demands of high-level cyber planning have become a full-time responsibility.

Eight in ten local IT leaders report having a government-wide cybersecurity policy that sets rules for employee behavior, and 73% have reviewed or revised those policies in the past 12 months.

Several ransomware attacks have already shut down essential public services across U.S. cities and cost millions of dollars to remediate. Growing concern also surrounds the potential for attacks targeting physical infrastructure.

Source: Cities Today.

Need Help with Cybersecurity Planning or Insurance Readiness?

Whether you are in local government or the private sector, Cyber One Solutions can help you assess your security posture, prepare for insurance applications, and build stronger defenses. Contact us today to schedule a consultation.