Self-Insurance, Grant Planning on States’ Cyber ​​Agendas [Government Technology]

Self-Insurance, Grant Planning on States’ Cyber ​​Agendas [Government Technology]

Aug. 26-Governments are turning to private insurance as cyber policies raise premiums and reduce coverage, said Colorado CISO Ray Yepes on a FedInsider panel yesterday.

“Almost every state has self-insured, and if they don’t, they’re working to get self-insured,” Yepes said.

Colorado itself saw its insurance costs quadruple $500,000 last year that $2 million this year and the pricier plan was also lower, it comes with higher deductibles and reduced coverage and benefits.

Countries are facing risks where prices will continue to rise and cyber insurance will become scarce. Colorado had to change insurance policies starting this year to find a company willing to cover them, Yepes said, adding that some CISOs have come across insurers removing coverage from their cyber policies.

“To me, if you’re going to get cyber insurance, that’s the main reason you want to get it — it’s ransomware,” Yepes said.

This type of behavior is not limited to US Global insurance market Lloyd of London It is said to have issued a law recently that advises insurance companies that sell on its platform not to remove coverage for government-sponsored protests, or those that cause other problems. These rules come into effect March 2023.

Public agencies have a unique opportunity to switch to self-insurance instead, Yepes said, because of the amount of backup resources they have in case their reserves run out.

“If you’re in the state, I imagine you get insurance for your state, your organization, your city,” Yepes said.

Instead of Colorado to pay millions every year, Yepes wants the government to set aside the money for an insurance fund that can help every year. If a cyber incident turns out to be more expensive than these costs can grow, the government can tap into its emergency funding mechanism. Countries often have a major disaster or financial emergency, so far $50 million or not, he said.

And these resources are not the last resort. Governors can declare the crisis to help solve a problem that needs more money, turning to federal laws such as Secret Service and FBI for solution support and activation National Guard and its cyber experts, Yepes said.

Another tip in favor of self-insurance? States don’t have to use vendors chosen by their insurers, which frees them up to use companies with existing relationships, Yepes said. This means that the vendors who are brought in during an emergency are those who already know the state’s procedures.

Yepes said he wanted to donate Colorado to the governor and the laws providing for the self-insurance program.


Yepes arrived Colorado in April, with a resume that includes five years as CISO of Texas Department of Family and Protective Services. This change showed him the difference between working on the ground Texas’ Decentralized IT infrastructure is Colorado to a central example.

A standard implementation sees each organization have its own IT staff, systems and processes, with each government IT department focused on providing key policies and guidelines. Centralized state IT is approaching, at this time, see the IT department of one state as the main source of IT processes, management, services and personnel.

This decision could have a significant impact on cybersecurity, Yepes said.

“One of the great advantages [of centralized infrastructure] and security,” he said.

The central IT department has a lot of control, which helps to implement the policies quickly.

“One of the [the impacts] people don’t realize it’s the speed of decision making. The central agency is very fast,” Yepes said.


As governments and local governments prepare for cyber reforms, many are looking forward to long-promised cybersecurity aid, which is expected to be delivered this year. Infrastructure investment and Employment Act (IIJA).

Virginia Deputy Secretary of Cybersecurity Alicia Andrews he said he knows that cybersecurity weaknesses between regions also put people at risk, and he is working now to identify the challenges and unique needs of each region. Andrews is working to visit all 133 regions in 60 days, to talk to CISOs and CIOs in their regions about their implementation, their concerns and their aspirations from the upcoming grant.

Virginia’s deputy secretary of cybersecurity Alicia Andrews they speak in public almost.

“We’re asking communities what they need,” Andrews said. “My Commonwealth tour… [aims] find out what their needs are, what opportunities we have, and how they can use the money from the federal government to benefit them. “

Another part is establishing processes designed to make it easier for communities to apply for funding when it becomes available, including establishing a support group and documenting useful information, Hernandez said.

Alaska CISO Chris Letterman said his state is working to better identify its regions and hopes federal aid will help with that.

“One of the things that the SLTT grant gives us is on the way to show the world about cybersecurity,” he said.

Alaska wants to look first at creating an advisory body to inform community needs and help guide its cyber security plan. Letterman said it will be important for the council to include voices from areas where one person manages IT roles along with multiple other roles.

His goals are close to time Alaska includes improving the ability to protect the information of government employees and residents, using a trustless approach to protect remote workers and increasing education, training and other security awareness efforts in the government.

Letterman added that uncertainty about when the aid would arrive has created some obstacles, but said the money “has a lot of potential.”

“We’re still on hold with the federal government as to when the Notice of Funding Opportunities will hit the road,” Letterman said. “And that will tell us a lot about how we can address some of those needs and fulfill some of the things that the SLTT grant has.”


(c)2022 Government of technology

Visit Government Technology at

Published by Tribune Content Agency, LLC.