It’s routine today for people to pay bills online and shop on the Web using credit cards. But those who do so run the risk that passwords and bank account and credit card numbers might fall into the hands of hackers looking to make a quick buck.
As county governments conduct more of their day-to-day business online, they too, are vulnerable to increased risk for fraud and theft. To protect counties against these cyber security threats, the TAC Risk Management Pool (RMP) now provides Pool members with computer fraud and funds transfer fraud coverage as part of its crime coverage.
RMP board chair and Erath County Judge Tab Thompson said the board approved this new coverage at its December meeting “because we’re trying to get out ahead of the curve on this to serve the counties.
“On any given day, just with wire transfers, especially during tax season, counties can be transferring millions upon millions of dollars,” Thompson added. “That alone is enough to warrant this type of coverage.”
Counties’ Direct Losses Covered
Cyber security threats are ever evolving, increasingly complicated and growing due to the rapidly changing nature of technology. In recent years, cyber criminals have targeted local and state governments around the country in many ways, from intercepting wire transfers and re-routing the funds to offshore accounts, to stealing Social Security Numbers and other personal data from government databases and unleashing viruses to bring down government websites.
The new coverage offered by TAC RMP specifically covers the direct losses counties could experience through computer fraud and funds transfer fraud, said Jennifer Hall, TAC Risk Management Services deputy director. “That’s what most counties are more worried about,” she said.
“We heard from the counties and listened to them,” said TAC Risk Management Services Director Randy Plyler. “Counties have begun to recognize their exposure to this risk. We did a lot of research over the past year.”
“This coverage covers some specific exposures that we’ve seen the counties need and that the typical cyber liability policy that’s being marketed doesn’t really address for county government,” said Hall, adding that commercial policies routinely cover liability to others in the event of a breach of credit card information. “Counties have less exposure to that because they’re typically handling credit card transactions through a third party. They don’t have the same needs as a retail business. We’re creating coverage that addresses county-specific needs.”
Pool members receive the cyber coverage as part of the crime coverage package and have up to $100,000 in covered combined losses for both the computer fraud and funds transfer fraud coverages, Plyler said.
The computer fraud coverage ensures the pool will pay for loss of or damage to money, securities and other county properties resulting directly from the use of any computer to fraudulently cause a transfer of that property.
In general terms, this particular coverage could apply in instances such as a hacker breaching a county or bank computer system to steal county assets.
Under the funds transfer fraud coverage, the pool covers a county’s loss of funds that result directly from a fraudulent instruction directing a financial institution to transfer, pay or deliver funds from the county’s transfer account.
The 2009 cyber attack on the Central School District in Duanesburg, New York, is an example of how this type of theft might occur. Through a wire transfer fraud, thieves attempted to steal $3.8 million from the district. Fortunately, they were stopped and the district eventually recovered all but $500,000 of its money.
Pool Monitoring Evolving Issue
“Member counties with any concerns about their exposure to cyber liability should talk with their TAC risk management consultant,” Hall said.
Pool members received the coverage materials in January. Customer service representatives from the Pool are discussing the new coverage during their county visits and a webinar explaining details will be held in the near future, Hall said. “We’ll announce the webinar to members via email.”
The Pool will continue to keep tabs on the cyber security issues facing counties. “This is a rapidly evolving issue,” she added.
“That’s another good thing about the pools, is our ability to act quickly in an attempt to provide coverage to the customer counties,” Thompson said. “We have the capability to provide coverage in a short period of time if the risk is warranted. The Risk Management Pool is always trying to provide coverage that is pertinent to the counties we serve.” ✯