As cyberattacks against K-12 districts become more frequent and frequent, school leaders are paying the price in the form of higher cyber insurance premiums. One school district in Illinois reported a 334% increase in costs, and the Gallagher Report shows that this number is not unusual. The 2022 “Cyber Market Conditions” report shows that school districts can face a 100 to 300 percent increase in tuition costs if they don’t have “best in class” safety controls.
In some cases, insurance companies may refuse to cover areas without proper cyber security measures in place. This could leave school leaders scrambling to find new cyber insurance and raise incentives for companies to provide coverage.
“What you’re seeing is a shift from traditional to traditional,” said Paul Kinder, cybersecurity manager at Focal Point Data Risk. “Insurance is becoming more complex and more complex.”
LEARN MORE: 5 ways K-12 schools can prepare for a cybersecurity risk assessment.
Here’s what IT leaders need to know about cyber insurance, saving money and getting the support they need.
What Is Cyber Liability Insurance, And Why Do Governments Need It?
Cyber Liability Insurance protects school districts in the event of a cyberattack or data breach. The insurance covers costs that schools may face as a result of ransomware attacks and other cyber security issues.
How Can Schools Keep Cyber Liability Insurance Premiums Low?
Schools can save on cyber insurance premiums by upgrading their cyber security measures.
“If you want to renovate and you want to lower your premiums, cybersecurity insurance companies are targeting the most vulnerable customers,” said Victor Marchetto, senior cybersecurity analyst at CDW. “They are trying to reassess every time how much risk they have with different policies. So, if you don’t look dangerous to these institutions, you will pay less.”
But what types of upgrades are cyber insurance companies looking for, it’s more than just having the most expensive software.
“They’re looking at things like identity and access management, and two-factor authentication is a big deal. They want to make sure that people who have access have the right permissions,” says Kinder. “Also, they’re looking to detect and respond at the end rather than just having a firewall, and regular security awareness training.”
One way to make sure that these companies are the most dangerous is to go through them cyber maturity risk assessment. This assessment can help regional IT leaders determine where they need to improve their cybersecurity practices before being audited by insurance companies.
“It would benefit schools to do this as quickly as possible as far as renovations,” says Kinder. This gives the districts more time to change things before they happen.
Why Should Schools Rely on Outside Help for Cybersecurity Improvements?
School districts need to rely on outside help when it comes to improving their cyber security to ensure they detect any vulnerabilities in their systems. External agencies can conduct a more thorough and objective assessment of regional security.
Large organizations with dedicated CIOs or security teams can conduct their own cybersecurity assessments, but K-12 districts often lack the tools to do so.
“Having an outside partner is like an extra pair of eyes, someone whose job it is to monitor and evaluate other organizations,” says Kinder. “We bring growth and experience by looking at other different businesses that we can bring home.”
Beyond cyber maturity assessments, these partners can provide a variety of services to help schools ensure their security protocols are in place and ready to review when it’s time to update their cyber insurance.