Cyber Crime Targeting Cities and Counties on the Rise

CIS responds by creating new three-tiered insurance coverage to respond to threat

Earlier in the year, CIS unveiled its new three-tiered cyber coverage program in response to a significant increase of cyberattacks on Oregon’s cities and counties. CIS is a government agency (similar to a not for profit) that insures 98 percent of Oregon cities and 78 percent of counties.

Small cities and counties are not immune to cyber-attack; rather they are often the target of cyber criminals. CIS’ new cyber program initially had three tiers of coverage that featured more strict requirements for tiers two and three. These stricter requirements led some cities and counties to take a wait and see approach on renewing or signing up for the cyber coverage. 

Thankfully, CIS was able to reduce its requirements considerably after its London broker came forward with an attractive quote with fewer conditions. In addition, the London broker came through with a compelling program for Tier 3 excess cyber insurance for CIS. 

Because of the increased cyber risks to public entities, CIS worked diligently with brokers to find a carrier that would be willing to cover cyber insurance up to $1 million. But, in the end, CIS found one that would go to $1.25 million (for Tier 3). Despite warnings that premiums could double, the coverage turned out to be competitive and similar to last year.

The new coverage has many features, including variable pricing based on population — as well as the flexibility to require fewer of the cybersecurity requirements. In addition, CIS members can purchase up to $1.25 million of cyber coverage, when combining Tier 1, 2, and 3.  

CIS has also added a new cybersecurity specialist position that can provide cybersecurity services to members, which should help prevent some of the intrusions by cyber criminals.

Next Steps

For those cities and counties that want to purchase cyber coverage, CIS can add the coverage mid-term in 2022-2023.  The following are the minimum requirements for coverage approval:

• Multi-factor authentication for remote access into networks. Remote access to networks includes privileged access to networks or the cloud;
• Three back-up copies, two of which are offsite;
• CIS crime insurance with a minimum of $250,000 of coverage;
• Training staff about phishing and cybersecurity best practices;
• Adopted cybersecurity policy; and
• Complete the CIS Cyber Application located on the CIS website.

If CIS members have questions about any of these requirements, contact Greg Hardin at 503-763-3889. Members can purchase excess cyber coverage at any time during the year by contacting Tena Purdy.

Quick Facts on Tiers 1, 2, and 3

TIER 1

All CIS members can elect to obtain $50,000 of cyber insurance (Tier 1) with no application required.

TIER 2

An additional $200,000 is available by completing the CIS Cyber Coverage application. 

TIER 3

Four options are available above the Tier 2 coverage of $250,000. Members can pick an optional Tier 3 coverage for an additional $250,000, $500,000, $750,000, or $1 million of coverage. Tier 3 is provided based on an approved CIS cyber coverage application.

CIS is also encouraging members to attend the CIS Annual Conference this August to learn more about CIS’ Cyber offerings. On Thursday, Aug. 25, CIS’ new Cybersecurity Specialist and Systems Architect, Greg Hardin, along with Senior Property Claims Consultant, Carol Drouet, will lead a session titled “The Evolution of Cyber Coverage at CIS.” In this session they will demystify the baseline requirements to acquire cyber insurance and present some lessons learned from claims experience prompting the escalation of requirements.

Then on Friday, Aug. 26, CIS’ Scott Moss will demonstrate CIS’ Enterprise Risk Management software, Insight, to show the value of protecting public-entity accounts with Multi-Factor Authentication (MFA). Participants will learn how to use Insight and take valuable information back to elected officials and staff on the importance of cybersecurity.

CIS ANNUAL CONFERENCE FEATURES CYBER TABLETOP EXERCISE, AUG. 24

On Wednesday, Aug. 24, CIS will host the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) to provide a four-hour tabletop cyber exercise titled Threat Disruption — Gaining Tools to Execute Cyber Tabletop Exercises. CISA will provide participants with the tools to recognize cybersecurity risks in public entities, understand individual actions to protect against cyber risk, and discuss the need to protect critical infrastructure. The exercise will demonstrate the ‘tabletop in a box’ material developed by CISA to enable attendees to deliver this exercise to their organization. Eric Atherley, special agent with the Federal Bureau of Investigations (FBI), will also join CIS to discuss the FBI’s role when a cyberattack occurs.

Register today for this special workshop at www.cisoregon.org/conference. 

Contributed by: Bill LaMarche | Public and Member Relations Manager

*Sponsored content provided by AOC Business Partner.