Chances are high that – provided you’ve attended a workplace seminar or webinar on the dangers of phishing, easy-to-make but high-risk errors and security awarenesses therein, and how to secure safe and controlled professional environments – you’ve likely heard of KnowBe4.

KnowBe4 is no stranger to real-time cybersecurity coaching and simulated phishing assessments for organizations of all sizes; it’s what they do. Founded in 2010 by CEO Stu Sjouwerman, KnowBe4’s security-integrated platform and its vast library of training materials have become go-tos for those seeking up-to-date information, readiness tools, and the know-how necessary to detect and handle myriad cyber threats.

Recently, KnowBe4 released a new report detailing the impact of cyber crimes on both state and local government entities. Titled “The Economic Impact of Cyber Attacks on Municipalities,” it covers how certain sectors are unfortunately struggling to adequately defend themselves against cyber attacks due to lack of support, as well as the specific impacts (i.e. financial costs, reputational effects, and wavering levels of public trust) that such malicious moves (e.g. ransomware) have on municipalities.

KnowBe4 broke down the report into several target areas:

• Average Financial Loss
• Denial of Services
• Frequency/Types of Cyber Attacks
• Methods of Distribution
• Challenges of Allocating Capital to Prevent Attacks
• The Decline of Economic Investment in Municipalities

Additionally, business email compromise (BEC) proved to be most lucrative for cyber attackers in 2022, according to KnowBe4; billions of dollars in losses were reported, which amounted to an 81% surge since 2022. (And, scarily, it’s still early in 2023.)

Other findings KnowBe4 shared included:

• In general, municipality cybersecurity budgets are underfunded (or don’t exist at all).

• BEC attacks generated a more-than-alarming total of $2,742,354,049 in losses across sectors, an increase of $346 million from 2021, and $875 million from 2020.
• With an average of 1.7 million daily ransomware attacks (i.e. about 19 every second), Cybersecurity Ventures predicts that ransomware will cost its victims $265 billion annually by 2031, with attacks about every 2 seconds, instead.
• Ransomware attacks on state and local municipalities last, on average, about a week. (7.3 days) That downtime alone generates average losses around $64,645.

There is still hope, thankfully. Per Sjouwerman:

“Despite these statistics that detail the devastating losses caused from ransomware, BEC and other cyber attacks, municipalities preparing for these threats can make all the difference in the world,” Sjouwerman said. “Regardless of budget or size, the best way for all industry sectors to defend themselves against the threat of cyber attacks is to educate employees with new-school security awareness training. They need to learn to develop a healthy skepticism about certain messages, even from known contacts.”

“Major municipality targets, such as local and state governments and education and healthcare institutions,” Sjouwerman added, “are the backbone of civil service and society. Trained employees are essential to support IT teams, strengthen security culture and create a human firewall as the last line of defense to protect industries across the board, especially the municipality sectors we rely on every single day.”