Civic News
Business / Cybersecurity / Municipal government

Baltimore bought $20M in cyber insurance. Such policies are becoming more common

Liability protection is entering the digital realm. We asked an expert to explain.

Baltimore City Hall. (Photo by Flickr user Mr.TinDC, used via a Creative Commons license)

In the wake of the spring’s ransomware attack against city government computer networks, the City of Baltimore took a step this week toward protection in the event of future cyber attacks. But instead of technology, this particular purchase involved insurance.

The Baltimore Board of Estimates, which votes on spending decisions for the city, approved the purchase of cyber liability insurance for a total of about $835,000. Between two policies from Chubb Insurance and AXA XL Insurance, the city has $20 million in cyber liability coverage.

According to city documents, this provides for cyber incident response coverage, as well as costs of business interruption and digital data recovery, among other provisions.

While work is ongoing of “building a better and stronger and more protected network” to prevent future attacks, these policies offer a “safety net,” said Sheryl Goldstein, the mayor’s deputy chief of staff of operations. Cyber attacks are becoming more common against public entities, as Baltimore was among more than 20 cities to be hit with a ransomware attack this year.

We cover plenty of local companies that are offering ways to secure and protect data. At the same time, companies purchase insurance policies to protect against unforeseen losses. Cyber insurance brings this protection into the digital realm.

In general, cyber insurance is designed to provide for protection in the event of unexpected data loss, or if systems become compromised and are rendered inoperable, said Jeff Bathurst, director of SC&H Group’s IT Advisory Services practice.

It’s a growing tool for any organization that leverages technology. On the one hand, the threat landscape is changing all the time outside an organization. And inside, there is a risk that the people operating that technology will make a mistake.

Increasingly, business-to-business arrangements include requirements that companies have cyber insurance in place, as well: “It should be a part of the standard insurance portfolio for every organization,” Bathurst said.

In the event of a breach, a cyber insurance company coordinates third-party teams to provide legal help, as well as technology expert to help remediate the breach. Some insurance companies also work with teams that negotiate with attackers who are holding data at ransom on a company’s behalf — though it’s not clear whether the city’s policy has this service.

The City of Baltimore is spending less than a million dollar for insurance. Contrast that with $18 million that city officials have said was spent to recover from this year’s ransomware attack.

In the field in general, Bathurst said the insurance product continues to evolve even as it becomes more ubiquitous. Insurance companies are working to come up with more accurate models, while companies are still figuring out how much cyber insurance coverage they need.

For companies, Bathurst said, “one of the biggest challenges for people trying to address a cybersecurity event is, how far does it go and will we ever know?” Because unlike theft of a physical item, cyber attacks infect a network and spread, making it harder to understand the extent.

Companies: City of Baltimore

Before you go...

Please consider supporting to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.

3 ways to support our work:
  • Contribute to the Journalism Fund. Charitable giving ensures our information remains free and accessible for residents to discover workforce programs and entrepreneurship pathways. This includes philanthropic grants and individual tax-deductible donations from readers like you.
  • Use our Preferred Partners. Our directory of vetted providers offers high-quality recommendations for services our readers need, and each referral supports our journalism.
  • Use our services. If you need entrepreneurs and tech leaders to buy your services, are seeking technologists to hire or want more professionals to know about your ecosystem, has the biggest and most engaged audience in the mid-Atlantic. We help companies tell their stories and answer big questions to meet and serve our community.
The journalism fund Preferred partners Our services

Join our growing Slack community

Join 5,000 tech professionals and entrepreneurs in our community Slack today!


The Trump rally shooter perched on a building owned by American Glass Research. Here’s everything we know about it.

Quantum computing could be the next hot tech — if only that breakthrough would come

From global juggernauts to local government, this developer never stops serving

Despite EDA decision, the Baltimore Tech Hub is still possible: Kory Bailey

Technically Media