Stay Informed! Employer Considerations Surrounding:  COVID-19

Tribal Nations Experiencing Growing Cyber Risks

Cyber Liability, Government, Property & Casualty

Organizations of all sizes and industries are taking a closer look at their digital infrastructure and tightening their cybersecurity guidelines. Ransomware, business email compromise, and social engineering are getting board level attention at a rate never seen before. This is a daunting task for most companies, but tribal nations are particularly challenged. With government infrastructure, health care, gaming/hospitality, technology, education and other exposures – it is especially challenging to manage cyber risk across such a broad suite of enterprises.

Ransomware poses major threat to tribal entities

Ransomware is defined as a type of malicious software designed to block access to a computer system until a sum of money or other consideration is paid. Ransomware is spread most frequently by phishing emails, but can also come from clicking a website’s link that unknowingly downloads malware (known as “drive-by downloading”). Malware, or malicious software, infects the system shutting down servers, encrypting information, or exfiltrating data. A demand is made – typically requesting cryptocurrency – with an expiration date and time. If a company or individual decide to make payment, they transfer the funds. If successful, a key is provided to decrypt data, servers are back up and running, or data is promised to be destroyed. The average ransom demand soared in 2020 to $312,493 from $115,123 in 2019.

Tribal operations at all levels are exposed to this type of cyber risk. Most are lead to believe the casino is the most vulnerable to an attack, specifically ransomware, but breaches often occur at other tribal entities. For example, the municipal secretary clicks on a bad website link, or a C-store retail manager responds to a phishing attack email. It is also not just computer workstations that can experience a breach, but also mobile phones, tablets, and other electronics with internet access.

East coast tribal nation hit by ransomware attack

Headlines were made in late 2019 when an east coast tribe was hit by a ransomware attack. This came at a time when ransomware was gaining some steam as the cyberattack of choice for criminals. But this was a particularly curious situation, as it was a rogue insider who caused the incident. The tribe was down for days in an attempt to contain the breach and were unable to provide services to members. Ransomware has proliferated from a political attack, to a much more ubiquitous means to financial gain. This attack may illustrate the ability to shut down all tribal operations, but the thieves have become less discerning and cast a wider net.

Insurance solutions may pleasantly surprise some buyers, as the product has evolved in step with the exposure. Carriers are paying more claims than ever with indemnification for lost revenues, vendor expenses, ransom settlements, information asset restoration, and other relevant costs associated with a cyber-attack or breach. A robust policy will be written with the unique exposure of tribes considered, and will carry a reputable panel of vendors including privacy attorneys, digital forensics, and incident response firms.

Tribal nations should follow the lead of businesses who have taken a special and increased consideration for cyber risk. Ransomware demands continue to increase and activity is widespread. Taking time to consider a tailored, stand-alone cyber insurance policy is a critical part of cyber risk hygiene for tribal nations and their business entities.

Back to Insight Center