Bonds

State bans on cyber ransom payments viewed favorably by Moody’s

Laws proposed or passed by several states prohibiting local governments from paying ransoms in cyberattacks are viewed as an encouraging trend by Moody’s Investors Service.

The laws enhance preparedness and incident response, which Moody’s wrote in a commentary, are both credit positives for local governments.

“The measures to prohibit ransomware payments will encourage local governments to be more proactive in implementing cyber risk prevention initiatives, since they know they will not be able to pay cybercriminals for the keys to the ransomware,” Moody’s Assistant Vice President Gregory Sobel said.

A photo illustration of a ransomware attack. Moody’s acknowledged that banning local governments from paying ransoms could cause “teething problems” in the short term.

Adobe Stock

The measures also require local governments to report cyber incidents, which increases the likelihood of “a coordinated response with better-equipped state governments,” Sobel said.

North Carolina’s stringent law approved in November prohibits municipalities from paying a ransom related to a ransomware attack and even communicating with any cybercriminals instigating the ransomware attack. Florida’s House Bill 7055 that prohibits ransom payments passed the House and Senate and awaits the governor’s signature.

New York’s Senate bill, S6806A, that would prevent government, businesses and healthcare entities from paying a ransom, is in committee. 

The Pennsylvania Senate approved its law banning ransom payments, but it has languished in the House’s judiciary committee since January, according to its bill tracker website. A similar law in Texas died in committee.

Moody’s acknowledged that banning ransom payments, while credit positive in the long term, might create “teething troubles” in the short term.

“For example, if a local government is attacked and cannot pay to restore system access, critical data could be lost and operations disrupted for an extended period,” the analysts wrote in Thursday’s analysis. “As a result, the financial impact may be greater than if a municipality were allowed to make the ransom payment.”

The success of the laws will depend on the states’ willingness to enforce the laws and provide funding and management support for local governments.

Other states have created support systems that don’t involve banning ransom payments, Moody’s said.

Maryland’s governor signed a law that created a cybersecurity fund to help local governments upgrade their securities systems and requires certain local agencies to undergo annual security assessments. Arizona and Iowa have both created cybersecurity command centers to support local governments.

Articles You May Like

Data centers powering artificial intelligence could use more electricity than entire cities
Mutual fund inflows top $1.2B, half into HY
California’s Santa Barbara borrows for police station and park
Gautam Adani indicted in the US for alleged bribery scheme
Activist Ananym has a list of suggestions for Henry Schein. How the firm can help improve profits