Newsletter

Cybersecurity Awareness Month: Plan, Prepare, Protect

Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, a time dedicated for the public and private sectors to work together to raise awareness about the importance of cybersecurity.

As cybersecurity threats become more sophisticated, and public agencies remain targets, the Authority is spotlighting the tools and strategies that help members stay resilient—from proactive assessments to incident-response planning.

Read More

Fully Funded Services for Members

The Authority offers fully funded cybersecurity services through a business partner, Triden Group, including a Cybersecurity Maturity Assessment using the National Institute of Standards and Technology (NIST) Cybersecurity Framework and internal and external vulnerability scans. Preferred pricing and a master services agreement make it easy to add additional services such as penetration testing and full incident-response exercises.

Members also have access to the following resources:

• KnowBe4 for security-awareness training
• Eagle Eye for cyber-risk management
• eRiskHub, a portal for cybersecurity resources and incident-response planning

Incident Response: NIST’s Four Phases

Great American Insurance Group, the Authority’s cyber liability insurer, stresses the need for a documented Incident Response Plan (IRP) covering:

• Preparation – Define protections and detection methods
• Detection & Analysis – Identify and assess an attack’s scope
• Containment, Eradication & Recovery – Stop the threat and restore operations
• Post-Incident Review – Evaluate effectiveness and improve

Key Cybersecurity Do’s and Don’ts

Do

• Implement the plan
• Maintain a chain of custody
• Involve legal counsel
• Preserve backups
• Craft public statements

Don’t

• Engage attackers
• Pay ransoms without legal review
• Power down encrypted systems
• Wipe hardware before forensic guidance

Cyber Stats to Know *

• 34 percent – State & local governments reporting ransomware attacks
• $2.8 M – Average cost to recover from ransomware in state/local government
• 1 in 6 – Phishing campaigns now use generative AI
• 241 days – Mean time to identify and contain a breach (181 to identify / 60 to contain)
• 49 percent – Breaches caused by IT or human error

The Authority encourages members to make October a month of action—proactive planning today ensures faster recovery when every second counts. For more information or to access these services, contact your regional risk manager.

*Source: Ankura, “Cybersecurity Statistics (2025),” citing The State of Ransomware in State and Local Government 2024 and IBM Cost of a Data Breach 2025.

 

 

< Back to Full Issue Print Article