Odd as it may seem to those of us who live and breathe cyber, tech and privacy insurance, I have heard anecdotally of municipal authorities who profess that their cities and towns do not need to incur the expense of buying these products. “Why do we need them? We don’t operate on the internet,” they reportedly have said.

Well, my response is “why don’t you think you need them?” Do you maintain a bank account? Do you store personally identifiable information about private citizens, whether in your property records, police files, tax databases or otherwise? Are your employees able to access your municipality’s computer systems remotely? Is it really possible that every single piece of information you maintain is recorded on paper and nothing is stored on a mainframe, whether located on- or off-site? Come on. Its 2010. That’s virtually impossible, isn’t it? Haven’t you read my December 23, 2009 post “No One is Immune. Even Government Entities Need Cyber/Tech Insurance?”

Since that posting, additional municipalities have suffered cyber attacks and been the subject of cyber lawsuits.

Most recently, hackers broke into a bank database and stole $378,000 in funds from the Town of Poughkeepsie, New York. Shortly thereafter, leaders of the neighboring City of Poughkeepsie, New York (same name, but this one’s a City) authorized the purchase of cyber insurance with a minimum policy limit of $500,000. According to the City’s mayor, it will be one of the first municipalities in its area (the Hudson Valley, north of New York City) to purchase such insurance. (I guess that officials in the other local towns and cities and their brokers don’t read this blog. Shame on them). Needless to say, if I was a broker or underwriter, I’d descend on the region and market the need for cyber insurance till I dropped. To their credit, officials in the City of Poughkeepsie also announced that they were increasing the limits on their employee theft (fidelity) insurance from $25,000 to $100,000 per occurrence and their separate theft coverage from $100,000 to $500,000 per occurrence for certain City officers, at an added cost of a reasonable $10,000 premium. Smart, prudent and forward thinking. (Now, about that name).

While this was going on, my own local municipality, Lower Merion Township, Pennsylvania, was involved in its own brouhaha. If you haven’t heard (and, to be honest, who hasn’t heard), the Lower Merion School District provides all of its approximately 2300 high school students with an Apple laptop. (No wonder my taxes are so high). What school officials didn’t do was notify students and parents that the laptops had built-in cameras which school officials could turn on and off without warning. While officials say this system was used only approximately 43 times, and only when the computers were reportedly lost or stolen, the use of the system on one occasion has lead to the filing a federal court class action lawsuit, purportedly brought on behalf of all Lower Merion high school students. Many local students and parents with whom I have spoken are not necessarily in favor of this lawsuit (I’ve heard comments like: “all I’m doing is paying lawyers… at the expense of increased taxes…” and “I’ll be taking money out of one pocket and putting it into the other…” and “the school district didn’t mean any harm; they were just protecting their property…”); nonetheless, it has caused the Township to hire Big Firm lawyers to investigate the situation and deal with the fallout. To the point, even if the School District didn’t do anything wrong, or simply made a mistake, the attorneys’ fees alone likely will run into the six figures. (My tax dollars at work). Would cyber insurance cover such an incident? Perhaps, depending on the facts and the coverages purchased. It certainly wouldn’t hurt.

In short, these latest incidents further highlight the need for underwriters and brokers to get out there and market cyber/tech/privacy insurance products to municipalities and other public institutions. How could the City of Poughkeepsie be one of the few communities in the Mohawk Valley to purchase such insurance? The Valley is an hour or so outside of New York City, as close to the insurance capital of the U.S. as one can be. And its communities are un- or underinsured? Seriously? Needless to say, there must be similar pockets of Americana which are similarly uninsured. In this age of computer crime and the ease with which insurance professionals can communicate with distant clients, it shouldn’t be difficult to get the word and the products out. In other words, let’s all get to work.