Be thankful for cybersecurity insurance

Saturday, March 14, 2020

Most students with Three Rivers College received a three week spring break this year due to a far more threatening incident: ransomeware.

On Tuesday, Feb. 25, the college shut down operations after officials detected a cyberattack. Students have not returned to school since as college IT, third-party specialists and law inforcement, including the FBI, investigate.

Ransomware is a form of cyberattack that encrypts files on a computer system until a ransom is paid. Friday, Feb. 28, officials released that the form of ransomware used was RYUK. Forbes magazine reported that particular strain of ransomware appears to come from Russia or former satellite states.

While the scope of this attack remains unknown at this point, with college officials advised not to share until things are resolved, it is already apparent that the impact could have been greater. The college, as part of it’s IT emergency plan, bought an insurance policy to assist in the case of a cyberattack.

Dr. Wesley Payne, college president, said the insurance company helped arrange a national, third-party computer security company to work with the college IT response team in securing the situation. If payment becomes required, the insurance company would also assist with paying that up to a certain amount.

Our neighbors in Cape Girardeau continue to face a similar issue.

In January, the Cape Girardeau city systems were attacked by ransomware. The FBI’s investigation there is also ongoing. Luckily, they also have cybersecurity insurance for this kind of instance. Their insurance was purchased in September with “the maximum coverage available of $2 million, with a standard deductible of $25,000,” according to reporting by the Southeast Missourian.

However, at the beginning of March, the city council had a first, second and third reading on an ordinance to declare the attack an emergency for the city. As a result, City Manager Scott Meyer could access up to $500,000 from the city’s Emergency Reserve Fund for any costs the insurance does not cover.

“Insurance mitigated the financial impact of a cyberattack that rendered some computer systems and files inaccessible,” according to an agenda report attributed to city finance director Victor Brownlees. “Access to Emergency Reserve Funds could enhance recovery and resiliency.”

The first part of that quote is what needs to be remembered as the communities work to put things back together after these attacks. No data appears to have been lost from either cyberattack and the financial impact could have been in the tens of thousands for these two entities without the aid of insurance. While we don’t know what it will be, already it’s apparent that things could have been worse.

In the digital age, no matter how much defense a community or entity has, there’s no way to be completely safe from these kinds of attacks.

“Nothing is guaranteed, but we certainly don’t want to be an easy target, and I don’t believe we are,” Meyer said in an August interview with the Southeast Missourian.

It’s stories like these that serve as a warning for other organizations that an attack can come from anywhere and at any time. Protection methods need to be considered before its too late.

— Daily American Republic

Respond to this story

Posting a comment requires free registration: