Houston City Council on Wednesday unanimously agreed to spend $471,000 on cyber insurance, becoming the latest Texas municipality trying to bolster its response to growing technological risks.
The insurance can cover up to $30 million in expenses related to security breaches in the city’s network, including crisis response, recovery of losses and answers to legal claims stemming from cyberattacks.
While some data breaches are preventable, the prevalence of cybersecurity threats against city governments nationwide prompted Houston to take steps to insure itself, said At-large Councilman David Robinson, chairman of council’s Transportation, Technology and Infrastructure committee.
“There are those things that are just beyond the reach or scope of expected due diligence and preparation,” Robinson said. “You need to be prepared for the unknown.”
In the event of a cyberattack, such as hacking or phishing, in which people pose as trustworthy sources to obtain money or information, the insurance coverage could pay for crisis management resources, computer forensics, credit monitoring and call center services.
After a security threat is detected, the new policy could cover any loss of income or expense from the interruption of computer systems, according to council background materials outlining the insurance. It could be used to pay the cost of restoring or recollecting data affected by a cyberattack, as well the cost of investigating threats. The insurance policy also can be used for liability claims made against the city for failing to protect data or prevent access to confidential information.
This makes sense. Of course, as an organization you want to do everything you can to prevent an incident, but as we say in the business, it’s not a matter of if you’ll get hacked, it’s a matter of when. Like what happened to Harris County earlier this year. All of your vendors and suppliers and business partners are potential avenues for compromise, too. While I hope we’ll never need to use it, this is a smart investment.