A survey report from KnowBe4, a provider of security awareness training for social engineering, spear phishing and ransomware attacks, revealed that rising ransomware attacks on municipalities continue to impact state and local governments across the U.S.
In its report “The Economic Impact of Cyberattacks on Municipalities”, KnowBe4 stated that ransomware attacks are becoming a costly affair, and the ransom paid per event in municipalities from 2017 to 2020 was $125,6971. Ransomware attacks not only leave a financial impact, but also result in break of trust and confidence of citizens and stakeholders. The survey broke down the economic impact into five target areas: the average financial loss from state and local governments, the denial of service to citizens due to financial loss, the frequency and the risk of recurring attacks, the challenge of allocating capital to prevent attacks, and the decline of economic investment in municipalities.
Other findings from the survey report include:
- Ransomware attacks can cause significant downtime and denial of critical community services, such as healthcare and law enforcement. The analysis revealed that the average downtime that results from a ransomware attack is 9.6 days.
- Attacks on local government have risen significantly. In the single year between 2018 and 2019, known attacks on local governments rose 58.5%.
- Government officials’ awareness level of the need for cybersecurity is low. 48% of elected councilors and/or commissioners are either slightly aware or do not know the extent of the need for cybersecurity measures in the community.
A lack of understanding exists for how cyberattacks occur and how to mitigate them. 53.3% of local government institutions do not keep track of their cyberattacks. Stu Sjouwerman, CEO, KnowBe4, said, “State and local government entities are often operating on tight budgets and cannot afford to be hit with ransomware. We have found that municipalities are struggling to keep up with the barrage of frequent cyberattacks and although significant, the impact goes beyond financial implications. Critical services such as health care and law enforcement would be put in a very difficult situation if their services went down for any period of time, which is why it’s so important to train all employees, especially those working in municipalities, to help prevent cyberattacks.”
Lack of funding for cybersecurity initiatives is a pressing issue because without initiatives like cybersecurity awareness training, municipalities are vulnerable to social engineering attacks – which in turn could expose an entire database of sensitive information to threat actors.