UPDATED Wednesday at 10:45 a.m.: Nearly two months after punting on buying $20 million worth of cyber insurance for the city, officials approved the decision Wednesday morning.
The protection is actually two separate insurance policies from Chubb Insurance and AXA XL Insurance, each for $10 million in coverage. The former will cost $500,103 per year, the latter $335,000, for a total of $835,103 annually, according to the city council presidentโs office.
Whatโs covered under the policies, according to the Board of Estimates agenda: cyber incident response, โincluding an investigative team,โ; losses from interruptions to business; digital data recovery; and third-party coverage for โcyber privacy and network security, payment card loss, regulatory proceedings and electronic social and printed media liability.โ
The board agenda says 17 insurance carriers submitted bids. Coverage from Chubb and AXA XL took effect as soon as the board approved.
The vote came just over five months after hackers struck Baltimore City computers and networks with Robbinhood ransomware, demanding bitcoin payments in exchange for restored control of municipal computers. The attack brought government functions to a standstill, with city employees unable to use their email accounts or computers for weeks, and suspended water billing for city residents for most of the summer.
Mayor Bernard C. โJackโ Young declined to pay the ransomโand even sponsored a U.S. Conference of Mayors resolution for other citiesโ top executives to do the sameโsaying that โ[p]aying ransoms only gives incentive for more people to engage in this type of illegal behavior.โ
Recovery from the attack cost the city $18 million in all, $10 million from direct costs and $8 million in projected revenue losses.
Frank Johnson, the cityโs top-paid official at the time, was roundly criticized for his response to the crisis, and is no longer with the Mayorโs Office of Information Technology as of this month after going on indefinite leave. It was the second attack during his tenure, following a March 2018 attack on the cityโs 911 dispatch system.
The spending board, made up of Young, Council President Brandon Scott, Comptroller Joan Pratt, City Solicitor Andre Davis and Public Works Director Rudy Chow, deferred action instead of voting to adopt these same cyber insurance policies in late August, the Baltimore Brew reported.
โWe just want to make sure the other members of the board know the terms and all that good stuff,โ Youngโs spokesman Lester Davis said at the time. He added, โThis is an important expenditure, and we want to go above and beyond to make sure they know all the particulars about the insurance.โ
Stefanie Mavronis, a spokesperson for Scott, said on Tuesday that the deferral was due to the council president and Pratt having not been briefed on the terms of the policies at the time. Both are more familiar with the plan this time around, she said.
Mavronis had said the council presidentโs office expected a full vote on adopting cyber insurance Wednesday, rather than another deferral. โEveryoneโs shared interest is in not delaying it further.โ
This story has been updated.
