Cybersecurity: Municipal service provider foregoes cyber insurance

Cybersecurity: Municipal service provider foregoes cyber insurance

Shortly before the serious hacker attack on its infrastructure, the municipal service provider Südwestfalen-IT decided against taking out special cyber insurance. Marcus Ewald, press spokesman for SIT, confirmed the decision, which was made unanimously in September 2023. After the cyber attack at the end of October 2023, more than 70 municipalities and districts, including Lüdenscheid, were affected by the effects, which led to the paralysis of large parts of the administration.

It remains unclear why Südwestfalen-IT decided against taking out cyber insurance and what costs would have been associated with it. According to SIT's statutes, the administrative board that made the decision is composed of 28 representatives elected from various districts and cities. Ewald did not provide any information about the potential terms of insurance and whether it would have covered the consequences of the hacker attack.

The North Rhine-Westphalia Consumer Center recommends cyber insurance particularly for companies with sensitive data whose business operations depend on its availability. Without cyber insurance, business liability remains an option, which SIT has through GVV Kommunalversicherung. From the SIT's perspective, business liability insurance could step in in this specific case, but the company did not provide any further information about this.

The final report from an external IT security office from Wuppertal revealed serious security gaps after the cyber attack, which have now been addressed by the new managing director Mirco Pinske since February 1st. Pinske emphasized his commitment to regaining customer trust lost as a result of the incident. After the attack was discovered, all systems were shut down as a precaution, most likely preventing any data leakage.