
As cyber threats grow, so do League services 

Heartbleed, the most recent major cyber security breach, compromised 500,000 users’ accounts on websites like Facebook, Yahoo! and Google in April and came right on the heels of Target’s pre-Christmas breach, which resulted in 70 million potential victims.

The frequency and severity of cyber crimes like these prompted the League’s Risk Management Services to investigate what services were available to help members of the Property and Liability insurance trust make sensitive data more secure.

The League's Risk Management Services now provides cyber liability insurance and an array of resources to help you secure your municipality's data.

“We knew that there were insurance carriers that specialize in policies covering these exposures but weren’t clear on what state-of-the-art coverage provided,” Associate Director for Risk Management Services Bob Haynes said. “So our efforts were two-pronged: learn what we can regarding the risks our members face and offer resources to manage that risk, including the ability to purchase insurance specifically designed to cover cyber risks.”

To get an idea of municipal needs, Risk Management Services enlisted the help of Agio, formerly Secure Enterprise Computing, to complete cyber risk assessments of eight municipalities of varied populations.  Agio then wrote a municipal government information security best practices primer manual that includes the basics of information security, management and IT department responsibilities and reference materials.  The manual is available on the Risk Management Services website at no charge to Property and Liability pool members.

“An assessment is the best way to understand where your risks are in relation to the environment and business objective,” Ray Hillen, Agio director of security practice, said. “You can take this actual intelligence and start addressing issues to reduce your risk and exposure.”

Agio’s Andrew Werking was the lead on the project and worked with each of the municipalities. Werking begins the assessments at the top by examining policies, standards and procedures. After examining governance, Werking assesses the organization based on a set of industry-standard best practices including complexity and strength of passwords, user behavior with locking workstations, backup and cooling of data centers, locks on doors, fire suppression and more.

“It’s especially critical that municipalities are proactive in information security because of the sensitive nature of the data they possess,” Haynes said.

Werking said there was a wide spectrum of implementation across the municipalities.

“Each organization had unique challenges. Every organization is different,” Werking said. “Most municipalities had strong security controls in place for things like malware protection and management systems behind the scenes.”

However, Werking and Hillen agreed that many organizations overlook the importance of end-user training in information security. According to Werking, fake emails that look legitimate are used as a launching point to access sensitive information in an organization.

“The way we address it is simply user-awareness training,” Werking said. “Your users should be aware of what’s good and what’s not, and, hopefully, that will carry into their personal lives as well.”

After the cyber risk assessments, Risk Management Services chose Beazley to provide a comprehensive cyber risk policy that members can now purchase. In addition to insurance, Beazley provides access to a website with resources to help an organization manage its risk before and after an incident.

Risk Management Services subscribed to e-Risk Hub, a website that provides a clearinghouse of cyber resources including breach lawyers, steps to take following a breach, consultation with a breach coach and more. E-Risk Hub, a service of Net Diligence, will be available to members of the Property and Liability pool July 1.

If your municipality has not received information about purchasing cyber liability insurance or has questions, contact Ryan Ezzell, League Property and Casualty Underwriting Supervisor at 919-733-2633.