A School District Bloomington located in Illinois has posted its cyber-insurance renewal details, and the cost has jumped from $6,661 in 2021 to $22,229 this year. This tragic 334% rise in premiums to the sudden spike in the number of threats, their severity, and the probable for the costly interruption.

“In light of events that have negatively affected to Cyber Insurance market, SSCIP was unable to start searching the requirements coverage for the group.” After a small delay, the cooperative was ultimately able to secure an insurer willing to accept the risk of the pool.

Suburban School Cooperative Insurance Program (SSCIP) is an insurance pool permitting school districts to join together to negotiate better insurance rates and lower management fees. The most significant problems which led to this sudden cost enhancement are ransomware and the lengthy interruption that encrypting attacks and the theft of data can have to negotiation school networks, employees, and students.

Ransomware actors, particularly the less skilled affiliates, target smaller school districts because they are seldom well-protected against attacks and usually can’t afford a large dedicated IT and security team. However, as schools commonly have an active insurance policy, they are attractive targets to attackers who are hoping for a quick payment from insurance companies.

Emsisoft has published a report to sum up 2021 ransomware attacks against the U.S. public sector, where they count 77 government, 1,043 schools, and 1,203 healthcare victims.

What are the Requirements of MFA?

As the District 87 memo mentioned, the insurer has also required that the district fully implement multi-factor authentication protection on all its accounts. The school estimates that they can conclude this change by March 30, 2022. However, until that happens, the coverage limits will remain decreased, well below the consented amount.

This shows the importance that insurers and security experts ascribe to utilizing MFA to protect network logins. MFA is a method of validating the user’s identity through a combination of things beyond just passwords. For example, they can come in the form of one-time passwords, key cards, or biometrics. Ransomware actors typically deploy their encrypting tools by using compromised user credentials to access the target systems. As such, having MFA in place is often enough to stop the attack before attacks can start.

Also, backup service logins should be protected using MFA, making it so ransomware actors cant access and delete backups. With reliable backups in hand, it significantly weakens a ransomware gang’s negotiating position and speeds up recovery.

What is the large-scale issue?

District 87 is just one of the many American public educational institutes that will face this substantial added burden on its annual budget, and this doesn’t apply only to schools. Hospitals, non-profit organizations, and local governments will all have to cover substantially greater cyber-insurance costs in 2022 due to an increase in cyberattacks in 2021.

The healthcare sector was also bombarded by ransomware actors in 2021, mainly for the same reasons that make school districts ideal targets for cybercriminals. Universities are also on the ransomware actors’ crosshairs, and they too have to strike a delicate balance between budget allocation and cyber-protection since they have limited resources.

Lori Sussman, Assistant Professor of Cybersecurity at the University of Southern Maine, has told Our experts that the increase in cyber insurance premiums will continue to outstrip other insurance instruments until organizations can stem the rising attacks.

These crooks also attack targets that they perceive as “soft” which include small municipalities, schools, universities, and other organizations that may not have big budgets for IT staff let alone cybersecurity experts. No doubt that is why cyber insurance premiums grew more than a quarter (25.5%) in 2021 (According to the Council of Insurance Agents & Brokers,) which is well above other insurance instruments. The University of Maine system CIO has prioritized security for the state higher education system. However, there will need to be more awareness training of all stakeholders – students, faculty, staff – to defeat these predators.