Ransomware Attacks on Local Governments Highlight Importance of IT Investments, Response Planning

DOWNLOAD REPORT Ransomware Attacks on Local Governments Highlight Importance of IT Investments, Response Planning

Moody’s has written a new report noting that as #ransomware and malware attacks on local governments increase in frequency and intensity, investing in IT infrastructure and personnel, establishing contingency plans, and taking out cybersecurity insurance will help municipalities reduce the impact of attacks on their operations and finances.

“Measures like governance, IT investments, and cyberinsurance help create a pathway for local governments to respond to cyberattacks,” said Nisha Rajan, Analyst at Moody’s and lead author of the report. “Many local governments choose to self-insure, to keep emergency reserves for unforeseen events like a cyberattack and to invest more heavily in personnel and infrastructure to bolster system resilience. Further, as local governments navigate through and recover from recent attacks, many are collaborating to share knowledge and lessons learned.”

Healthy reserve levels, access to short-term markets, and state resources will also support municipalities’ operations in the aftermath of attacks. Local governments can face a difficult decision over whether to pay ransoms. Paying will likely restore operations more quickly; not paying will sometimes lead to extended service disruption. Both scenarios will in most cases require additional expenditures, a credit negative. The report’s highlights are:

Strong governance will play a major role in limiting the worst effects of ransomware attacks. Municipalities that have dedicated IT staff or contractors to maintain system oversight and routinely test defenses are better equipped to deal with ransomware attacks. Additionally, cybersecurity insurance can provide organizations more options in responding to the effects of an attack.

Financial flexibility and state intervention also support municipalities’ operations in the aftermath of attacks. Local governments have so far largely withstood the financial impact of ransomware attacks, helped by generally healthy financial reserves and the ability to continue operations manually. But targeted ransomware attacks with higher ransom demands are becoming more commonplace, leaving smaller municipalities more vulnerable. Recent incidents in Louisiana and Texas highlight the benefits of support from state governments, which have access to more resources.

Local governments have a large degree of discretion in deciding whether to pay a ransom, a complicated calculus with a very involved payment process. Ransomware victims must make a series of choices in determining whether to pay a ransom, including assessing the value of their data, the existence of backups or decryption keys and legal concerns. Paying will likely restore operations more quickly, while not paying sometimes leads to extended disruption of essential services. Ransom payments do not guarantee decryption, and oversight authorities warn against payment to deter funding criminal activities.

Follow Moody’s Public Finance Twitter Feed at @MoodysUSPub Fin