KnowBe4 released a new report showing the
continued impact cyber crime is having on state and local governments
entitled "The Economic Impact of Cyber Attacks on Municipalities".
KnowBe4's report details the financial costs, reputational effects,
level of public trust and other impact cyber attacks have on
municipalities. The report breaks down the impact cyber attacks have
into five target areas: the average financial loss from state and local
governments, the denial of service to citizens due to financial loss,
the frequency/types of attacks and the risk of recurring attacks, the
challenge of allocating capital to prevent attacks and the decline of
economic investment in municipalities.
Additionally, the new reports revealed ransomware continues to plague
municipalities in all industry sectors. Business email compromise (BEC)
attacks were also proven to be one of the most lucrative forms of cyber
attacks in 2022, generating billions of dollars lost across all sectors
and increasing across all sectors by 175%, with an 81% surge in 2022.
State and local governments are particularly vulnerable to these attacks
due to government transparency laws which allow cyber criminals to more
easily tailor their attack to the victim.
Key findings from the report include:
-
Many municipality cybersecurity budgets are underfunded or do not exist
at all. According to the National Association of State Chief Information
Officers (NASCIO), most state cybersecurity budgets are between 0% and
3% of their overall IT budget. Additionally, only 18 states have a
cybersecurity budget line-item and only 16% of states reported a budget
increase of 10% or greater since 2018.
-
The 2022 IC3 Report
reveals that in 2022, BEC attacks generated a total of $2,742,354,049
in losses across sectors, an increase of $346 million from 2021, and
$875 million from 2020.
-
There are 1.7 million ransomware attacks every day, which means 19 ransomware attacks every second. Cybersecurity Ventures
predicts that by 2031, ransomware will cost victims $265 billion
annually, and it will attack a business, consumer or device every 2
seconds.
-
Ransomware attacks on state and local governments last an average of 7.3
days. Down time alone generates an average loss of $64,645.
In addition to state and local governments, educational institutions are
also prime targets and victims of cyber attacks. In 2022, ransomware
impacted nearly double the amount of universities and colleges than it
did in 2021. Moody's,
which began tracking school districts in 2018, reports that the rates
at which school districts are targeted has increased "exponentially".
"Despite the many statistics and reports that detail the devastating
losses caused from ransomware, business email compromise and other cyber
attacks, many municipalities still find themselves underprepared for
these threats," said Stu Sjouwerman, CEO, KnowBe4. "Regardless of budget
or size, the best way for all industry sectors to defend themselves
against the threat of cyber attacks is to educate employees with
new-school security awareness training and learn to develop a healthy
skepticism of messages from even known contacts. Major municipality
targets such as local and state governments and education and healthcare
institutions are the backbone of civil service and society. Trained
employees are essential to support IT teams, strengthen security culture
and create a human firewall as the last line of defense to protect
industries across the board, especially the municipality sectors we rely
on everyday."
To download The Economic Impact of Cyber Attacks on Municipalities report, visit https://www.knowbe4.com/hubfs/Economic-Impact-of-Cyber-Attacks-on-Municipalities.pdf.