Are your schools at risk for cyber crime?

Cyber attacks on public entities

Like most organizations, schools rely on data, networked computer systems, and connections to the internet.


The Hoopeston, IL, area school district was hacked over a holiday weekend1  and parents received false emergency callout messages and pictures from the superintendent’s office. In Monroe County, FL., a school district was forced to shut down its computer system for five days² because the system was attacked by ransomware. The outage affected the delivery of student progress reports. And in Montana’s Flathead Valley, more than 30 public and private schools canceled classes because several schools received cyber threats³. The hackers sought payment via Bitcoin, a cryptocurrency and digital payment system, and threatened students with violence if their demands weren’t met.

These and other attacks are not only making headlines but they have a real impact, including costs to resolve, negative effects on reputation, and lost productivity.

Like most organizations, schools rely on data, networked computer systems, and connections to the internet. We suggest five things schools can do now to protect themselves in today’s digitally interconnected world.

  1. Educate users
    Although students, faculty, and administrators are busy, a cyberattack can effectively shut a school down. Implement training in cybersecurity, including how to report a security or privacy incident, and provide frequent reinforcement of the messages from the training.

  2. Control user access
    It’s important to control physical access to computers and data by requiring strong passwords and multi-factor authentication whenever feasible.

  3. Know your risk; determine your maximum loss
    It’s helpful to know what your school has at risk and what it’s worth. Look at the value of intellectual property, personal identifiable information, personal health information and the cost of business interruption.

    From the inside out, you should know what the probable maximum loss would be for:
    - Critical systems loss of use
    - Potential property damage
    - Contingency plans
    - Restoration time
    - Inefficiencies and extra expenses
    - Community and student impact

  4. Run an updated system
    Patching and updating operating systems and software regularly will protect you from most known vulnerabilities. Make sure firewalls, antivirus packages and other security software are properly configured. And test your backups regularly.

  5. Create scenarios to value your exposure
    This will help you analyze whether your school is properly insured for a cyber event.

We offer a comprehensive cyber insurance solution designed to help schools respond to a full range of cyber incidents, including:

  • Breach of personal information
  • Threat of unauthorized intrusion into or interference with computer systems
  • Damage to data and systems from a computer attack
  • Cyber-related litigation

Informed risk management decisions should protect schools from the threat of a breach, including decisions related to systems security. In short, be able to identify, protect, detect, respond, and recover.

September 3, 2018
September 13, 2018
September 18, 2017

Our experts
Richard Woytus
Richard Woytus
VP, Alternative Market Underwriting Manager Munich Reinsurance America, Inc.
Monique Ferraro
Monique Ferraro
HSB Counsel Cyber Practice