Why Should K–12 IT Teams Invest in Cyber Insurance Applications?
The unfortunate reality is that it’s likely only a matter of time before a school is impacted by a cyberattack. When it happens, having a cyber insurance policy could make the difference between shelling out millions of dollars and losing weeks of school or feeling virtually no long-term effects from an attack.
Data from the K12 Security Information Exchange shows that the nation’s public schools collectively average at least one cyber incident each school day. While this number itself is alarming, K12 SIX also estimate that “perhaps 10 to 20 times more K–12 cyber incidents go undisclosed every year.” For those that are reported, the impact is often devastating.
Echoing this sentiment, a Government Accountability Office report published last year found that schools lost anywhere from three days to three weeks of classroom time following a cyberattack. Highlighting the financial repercussions, schools also suffered financial losses of $50,000 to $1 million in response expenses. These expenses included recovering encrypted information, replacing computers and paying for legal services among other costs as part of the investigation.
DISCOVER: How can K–12 schools rachet up cybersecurity protections on a budget?
With the number of ransomware attacks on schools holding steady year over year since at least 2019, administrators don’t have time to waste protecting themselves — effectively mitigating risk with insurance — before they’re attacked. As threat actors continue to target schools, it’s clear that the upcoming July 1 renewal date for cyber insurance policies is an important date for admins to keep in mind.
How Cyber Insurance Protects Schools from Cyberattacks
For K–12 schools, cyber insurance acts as liability insurance in the event of a cyberattack on a district. It can pay for expenses incurred as the result of an attack, often including services to stop the ongoing threat (i.e., remediation), data restoration, recovery and downtime, as well as potential ransom payments. These policy benefits can be the difference between an attack causing trivial inconvenience or communitywide disruption and news headlines.
KEEP READING: Follow these 8 precautions to prevent insider cyberattacks.
Historically, insurers have based the terms of cyber insurance policies — coverages, limits, deductibles and price — on the quality of a district’s cybersecurity measures. As a result of increasing cyber claims over the past several years, insurers have incrementally raised their eligibility standards, leaving resource-constrained schools with a failing security grade and little to no insurance benefits.
How Can K–12 Districts Improve Their Eligibility for Cyber Insurance?
Schools that have experienced a cyber incident or made a claim in the past should document the steps taken since to remediate the causes and improve the district's security posture. Don’t forget, small steps matter.
IT leaders can use rising insurance requirements as leverage with district leadership to position security projects they’ve historically wanted but have yet to receive funding for.
In all cases, execute and document foundational successes completed in the summer. This can include things such as patching, system configuration, identity and access management, firewall upgrades and security awareness training. District leaders should also document plans for additional implementations as milestones throughout the school year.
Certain IT enhancements are great extra credits on an insurance application. These include:
- vulnerability management
- 24/7 monitoring
- managed detection and response
- log retention
- backup snapshots
Moreover, with security operation solutions becoming more economical and accessible to small and midsized organizations — and their benefits extending to insurance terms — district leaders and technologists are encouraged to pursue advanced services.
As the summer continues, K–12 IT leaders should have cyber risk management, cybersecurity and cyber insurance on their to-do list. With today’s threat landscape, districts can’t afford to lose precious classroom time for their students, much less pay hundreds of thousands of dollars in ransom to attackers targeting their school.
UP NEXT: What do IT leaders need to know about cyber liability insurance?