Pooling cyber risks for public entities
When it comes to cyber risk and public entities, the current state of affairs is challenging at best: every entity has exposures; potential claim fallout is enormous; tech infrastructure is probably dated; resources are finite; and coverage is hard to come by. Cyber hackers know public entities are vulnerable and often target towns, cities, schools, etc., for ransom. When losses inevitably occur, cyber triage is critical—but necessary resources are expensive and in short supply. Furthermore, even if a public entity prioritizes and strongly promotes cyber hygiene among its employees, constituents, and business partners, the bad guys will always be one step ahead, and the market may be reluctant to cover risks.
In all of this, the realities of cyber risk today echo the insurance crisis of the 1980s, in which pooling has its roots. As in that earlier time, pools are uniquely positioned to help members solve this conundrum—both through coverage and member service and training programs. This brief white paper shares three specific approaches and highlights some commonalities between them for all pools to consider.