Global Pandemic Spreads Already Limited Local Government Cyber Defense Capabilities Even Thinner

KnowBe4 releases The Economic Impact of Cyber Attacks on Municipalities report to reflect changing cyber threat landscape

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the release of an updated version of The Economic Impact of Cyber Attacks on Municipalities report.

WDC01-3KnowBe4 updated the research on financial costs, reputational effects, level of public trust and other impacts that cyber attacks have had on municipalities in recent years. The report breaks down the impact of ransomware attacks against state and local governments into five target areas: the average financial loss from state and local governments, the denial of service to citizens due to financial loss, the frequency/types of attacks and the risk of recurring attacks, the challenge of allocating capital to prevent attacks and the decline of economic investment in municipalities. Additionally, the new report revealed that ransomware is still the preferred method of cyber attacks against municipalities and continues to be a leading consequence of social engineering. However, the results of such attacks prove to be even more catastrophic as many state and local governments work through the variety of challenges presented by the COVID-19 pandemic and the shift in the workforce that followed as the majority of employees began working remotely.

Key findings from the report include:

  • Many organizations’ cybersecurity budgets are underfunded or do not exist at all. According to a study conducted by the National Association of State Information Officers (NASCIO), only 18 states have a cybersecurity budget. Additionally, only 16% of state's cybersecurity budgets increased by 10% or greater since 2018.
  • Only 40% of CISOs said they felt only somewhat confident that their state information assets are adequately protected from cyberattacks targeting local government and public higher education entities, according to a Deloitte-NASCIO study.
  • The average ransomware payment in the first half of 2021 was $570,000, while the average ransom amount demanded by cybercriminals for that time period was $5.3 million.
  • According to Accenture, from January to August of 2021, these five ransomware variants made up 75% of observed attacks:  Hades, DoppelPaymer, Ryuk, Egregor and REvil/Sodinokibi topping the list.
  • In addition to the direct monetary impact, the downtime caused by ransomware can be extremely disruptive. In Q3 of 2021, Coveware reported that on average, organizations faced 22 days of business interruption.

“Ransomware attacks continue to plague state and local governments on an all too regular basis,” said Stu Sjouwerman, CEO, KnowBe4. “Without proper security awareness training and education along with necessary funding to combat such social engineering threats, municipalities are left defenseless against cyber attacks that could be prevented. In recent years, many healthcare, law enforcement, higher education institutions and other critical services have had to literally pay the price, sometimes in the millions, to overcome ransomware attacks. As the world continues to change and work through the COVID-19 pandemic, the time to act and prepare for potential cyber attacks is now”.

To download The Economic Impact of Cyber Attacks on Municipalities report, visit

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 50,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.

Get the latest about social engineering

Subscribe to CyberheistNews