Civil disturbance events within a community could lead to physical vandalism, theft, arson and potential injury. In addition to these risk exposures, municipalities may be the focus of cyberattacks on their IT infrastructure. It has been recently reported that at least one hacking group launched a denial of service (DoS) attack upon municipal police departments and law enforcement agencies in an attempt to disrupt communications and response.

Denial of service attacks are often executed by flooding a target network with unwanted traffic. Cyberattackers do this by taking over a large number of internet connected devices to create what is known as a ‘botnet.’ The botnet is essentially a group of devices that are directed by hackers to simultaneously communicate with a targets’ server. This cyberattack can span several hours or days, can overwhelm its target, impair segments or render the entire system inoperable.

Preventing and Mitigating the Effects of a DDoS Attack

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued the following tips to help prevent and mitigate the harmful effects of a distributed denial of service (DDoS) attack*:

  • Enroll in a DoS protection service that detects abnormal traffic flows and redirects traffic away from your network. The DoS traffic is filtered out, and clean traffic is passed on to your network.
  • Create a disaster recovery plan to ensure successful and efficient communication, mitigation, and recovery in the event of an attack.
  • Install and maintain antivirus software.
  • Install a firewall and configure it to restrict traffic coming into and leaving your computer.
  • Evaluate security settings and follow good security practices in order to minimalize the access other people have to your information, as well as manage unwanted traffic.

If you suspect your system is under a DoS attack:

  • Contact your network administrator to confirm whether the service outage is due to maintenance or an in-house network issue. Network administrators can also monitor network traffic to confirm the presence of an attack, identify the source, and mitigate the situation by applying firewall rules and possibly rerouting traffic through a DoS protection service.
  • Contact your ISP to ask if there is an outage on their end or even if their network is the target of the cyberattack and you are an indirect victim. They may be able to advise you on an appropriate course of action.

Transferring DoS Attack Risks

Most cyber insurance policies will provide coverage for the bottom line costs due to business interruption that results from DoS attacks. To effectively transfer the risk before it happens, mitigate costs and pursue claim reimbursement:

  • Understand current policy language, including insurance coverage triggers, reporting requirements, exclusions, triggers, calculation of loss, self-insured retentions/deductibles, waiting periods, periods of restoration and requirements to use insurance carrier panel vendors.
  • Determine if the insurer have a standard proof-of-loss form that you can use as a starting point to document income loss and extra expenses.
  • The DoS attack may be used as a smoke screen for other cyberattacks which could involve data exfiltration. Work with pre-approved carrier vendors, including IT forensics firms, to confirm exactly what has occurred and that hackers are not in the network.
  • Notify your broker immediately of a cyber incident to guide you through the process of timely calculation and recording of both extra expenses and lost income. They can also assist you in with negotiations with the insurer to of the maximize recovery under the policy.

For questions about your municipality's cyber insurance coverage, contact your Gallagher team or learn more about our cyber liability insurance coverage.


Gallagher provides insurance, risk management and consultation services for our clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance/risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general informational purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient’s industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organizations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher Risk Management Services, Inc. (License No. 0D69293) and/or its affiliate Arthur J. Gallagher & Co. Insurance Brokers of California, Inc. (License No. 0726293).