US States Turning To Insurance

Uploaded on 2017-12-05 in NEWS-Cybersecurity News, GOVERNMENT-Local, FREE TO VIEW, BUSINESS-Services-Financial

Cyber-attacks on government agencies, like the recent event where hackers gained access to Iowa’s State public employee pension accounts, stealing hundreds of thousands of dollars, have become increasingly common.

In response, more US states are purchasing insurance plans specifically tailored to protect the State from potential cyber-attacks.

No Iowa agencies have cyber-attack insurance, but the topic has been discussed among State leaders. “It’s a huge discussion,” said Robert von Wolffradt, Iowa’s chief information officer. Earlier this month, hackers were able to gain access to more than 100 accounts in Iowa’s public employee pension system and steal hundreds of thousands of dollars, according to state officials.Officials do not believe the hackers gained direct access to the State system, but rather obtained identifying information, Social Security numbers and birth dates, for example, through other means and used that to access the system.

The event served as a reminder that government agencies in recent years have increasingly become the target of cyber-attacks.

In 2016, government tied finance as the most-targeted sector for cyber-attacks worldwide, according to an annual global threat intelligence report from Dimension Data, a South Africa-based information technology services company.
When hackers attack a financial institution, they are looking for money. When hackers attack a governmental agency, they are looking for sensitive, and thus valuable, information, experts said. “The biggest threat is the government is the one that has all our data,” said Doug Jacobson, an Iowa State University professor of computer and electrical engineering. “They’re the ones that have all our Social Security numbers, they have our addresses. They have everything about us. That’s the biggest thing (governments) have to try to protect.”Or, von Wolffradt said, hackers are simply “trying to subvert government and just make government look bad.”

In order to protect themselves from cyber-attacks, more states are purchasing cyber insurance.

More than a dozen states have cyber insurance policies, according to a report from the Pew Charitable Trusts “Stateline.”
Cyber insurance policies generally cover costs related to data theft or corruption, the unauthorised sharing of data, and legal costs, according to a report on cyber insurance policies from PNC Financial Services.

Such policies can be expensive. Montana has a $2 million policy that covers all agencies and the state’s public university system; Utah bought a policy in 2015 after a data breach on its health department servers, according to the Pew report.
“It’s expensive. It’s a big budget item for us. But it’s absolutely worth it,” Michael Hussey, Utah’s chief information officer, said in the Pew Report. “You’re seeing breaches now that cost companies and states millions and millions of dollars.”

Would a cyber insurance policy benefit Iowa’s State government agencies? That discussion is taking place, von Wolffradt said. He called it “a very complex issue” that is being considered by the state budget department. Iowa government is currently self-insured, von Wolffradt said. “I think the issue is, if you’re self-insured, how much does this (cyber insurance) cost and how much protection does it afford you and what do you use it for,” von Wolffradt said.

In addition to coming at a high price tag, cyber insurance policies typically require the customer, state government, in this case, have certain levels of protections already in place. “Insurance companies are smart. They’re not going to go into something blind. So they require the agencies to do certain things, have certain protections and certain reasonable responses in place,” von Wolffradt said. “And then that will change the rates that (agencies) are getting charged for insurance.”

Von Wolffradt said he has recommended the state budget department consider a cyber insurance policy.
“We’ve recommended looking at it because we think that as the industry grows, and it’s relatively new, as the insurance matures a little bit, there may be some opportunities there,” von Wolffradt said. Jacobson said Iowa state government has been proactive on cyber security for the past decade.

In December 2015, then-Gov. Terry Branstad issued an executive order for the creation of a state cyber security initiative. A state cyber security strategy was published in July of 2016; Jacobson said other states look to the Iowa plan as a model.
The state also in October opened its new cyber security operations center, which enables state security officials to monitor systems and respond to incidents almost immediately, according to state officials.

The chief information office said it responded to nearly 1,900 incidents in the state budget year that ended June 30. The most common incident is a malware attack that attempts to extract data, von Wolffradt said.

“Everybody’s trying to do the best they can,” Jacobson said. “It’s a rigged game. The attackers only have to be right once, and we have to be perfect. That’s not very fair. But that’s the game we’re being forced to play.”

WCFCourier

You Might Also Read:

More Sensitive US Voter Records Leaked:

Local Government Computer Systems Are Soft Targets:

Georgia - A State Of Cybersecurity:

 

 


 

 

 

« UK Drone ‘pilots’ Must Pass Safety Tests
Cybersecurity Firms Deploy AI Against Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

OPSWAT

OPSWAT

OPSWAT is a software company that provides solutions to secure and manage IT infrastructure.

VdS

VdS

VdS is an independent safety and security testing institution. Cybersecurity services include standards, audit/assessment and certification for SMEs.

CynergisTek

CynergisTek

CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

Echosec Systems

Echosec Systems

Echosec Systems is a data discovery company delivering social media and dark web threat intelligence. Our web based security software delivers critical information for situational awareness.

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance provides an array of cybersecurity services including cybersecurity policy management, risk assessments and regulatory compliance consulting.

Nassec

Nassec

Nassec is a Cyber Security firm dedicated to providing the best vulnerability management solutions. We offer tailor-made cyber security solutions based upon your requirements and nature of business.

Tego Cyber

Tego Cyber

Tego Cyber delivers a state-of-the-art threat intelligence platform that helps enterprises deploy the proper resolution to an identified threat before the enterprise is compromised.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

Cider Security

Cider Security

Cider Security - It’s time to revolutionize the way Security, Dev and DevOps teams work together to supercharge security at the speed of engineering.

Oort

Oort

Oort is an identity threat detection and response platform for enterprise security. The Oort platform is API-driven, cloud-native and agentless for rapid time to value and high scalability.

Kralos

Kralos

Kralos are an experienced team of Software and IT experts, specialized in the development of innovative cybersecurity solutions.

Sentar

Sentar

Sentar is a cyber intelligence company, applying advanced analytics and systems engineering expertise to protect our national security by securing mission-critical assets.

TrafficGuard

TrafficGuard

TrafficGuard is an award-winning digital ad verification and fraud prevention platform.

OneCollab

OneCollab

OneCollab, your unwavering ally in the dynamic landscape of IT services and cybersecurity.

Arsen Cybersecurity

Arsen Cybersecurity

Arsen is a French cybersecurity startup, dedicated to enhancing human behaviors in cybersecurity.