The Texas Department of Transportation could soon find out if state legislators expand the agency’s purchasing ability with Senate Bill 1908.
Cyber Insurance for the Texas Department of Transportation
Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to help reduce the financial risks associated with doing business online.
In response to the recent cyber incidents that affected the Texas Department of Transportation (TxDOT), state Senator César Blanco has proposed a bill that would allow TxDOT to purchase an additional cyber insurance policy.
In February 2019, Anomali, a cybersecurity solutions company, identified a phishing page posing as an actual TxDOT website.
“TxDOT spent over $10 million to identify and address the May 2020 attack in order to minimize disruptions to operations across the state,” Blanco said in an email. “Many of these costs are in the reimbursement process under TxDOT’s cyber insurance policy.”
One of the cyber incidents was the hit of ransomware, according to a May 15 message posted on Twitter by TxDOT, the attack struck on May 14, when a threat actor gained unauthorized access to the department’s computer network.
The network was shut down as soon as the attack was detected in an effort to contain the threat and prevent any further unauthorized access. With the usual channels disabled by cyber-criminals, staff were reduced to using social media to announce legal rulings.
Second Cyber Insurance Policy
The department initially purchased cyber insurance in 2019 as protection for toll revenue bondholders. However, the policy is being used to cover TxDOT’s IT system until its toll operations system can be efficiently segmented from TxDOT’s larger integrated IT system.
“As TxDOT continues to upgrade and refine its IT systems, there may come a time when the IT systems for toll revenue operations are completely separate from the rest of the IT system,” Blanco said. “This separation would require TxDOT to obtain a separate cyber insurance policy to cover an incident like the one TxDOT previously experienced.”
But how would purchasing another cyber insurance policy help achieve this? According to Christine Marciano, president of Cyber Data Risk Managers, it’s about having two different types of coverage.
“This insurance would cover first-party and third-party coverages,” Marciano said. “First-party coverage would cover the department in the event of a cyber or ransomware attack, while third-party coverage would cover individuals outside of the department that are affected by a TxDOT-related cyber incident.”
An example of third-party coverage would include calling, sending letters to or emailing individuals whose information has been compromised in a TxDOT data breach. Once notified, those individuals would receive offers for credit monitoring and even compensation depending on the situation.
Besides this, companies can have access to a team of forensic investigators to research and address cyber incidents as well as data breach coverage, cyber extortion defense, legal support and business interruption loss reimbursement.
Despite these benefits, many organizations and government agencies still question whether they should purchase cyber insurance.
Cyber insurance can essential help your company recover after a data breach, with costs that can include business disruption, revenue loss, equipment damages, legal fees, public relations expenses, forensic analysis and costs associated with legally mandated notifications.