Hackers briefly brought down the Michigan state website last year to draw attention to the Flint water crisis.
In Columbia, Missouri, hackers shut down the city website for several days in 2014, apparently to protest the killing of a dog during a SWAT team raid several years earlier.
A hacker this summer breached Minnesota government databases and stole 1,400 email credentials, along with other information, to protest after a police officer was found not guilty in the shooting death of a black motorist.
Hacktivism — or hacking for a cause — is really a major concern for local and state governments, said Todd Wiltgen, chairman of the Lancaster County Board.
Rather than hack into a government database with the purpose of stealing information, such as Social Security numbers, to then sell or use, these cyberattacks on government are more often revenge-inspired, Wiltgen said during recent board discussions.
Hactivists hack into data to punish a municipality or a county, he said.
And as cyberattacks mount, both on private companies and government entities, city and county governments locally have decided to spend a little money on cyber insurance.
The city purchased a $3 million, 16-month cyber insurance policy that started May 1 for about $33,000.
Lancaster County commissioners recently agreed to purchase a $2 million, one-year cyber insurance policy for about $25,600.
Leaders for both the city and county were responding to the growing awareness of serious cyberattacks and to the better insurance products available.
"It’s not a matter of if local government will be hacked, but when," Wiltgen said.
He pointed to Ferguson, Missouri, where a group that calls itself Anonymous shut down some of the state’s website services to protest the shooting of an unarmed black teenager in 2014.
Defending the state’s computer network against hacktivists costs about $150,000, according to Missouri state officials.
Lincoln city government has self insured against cyberattacks since 2015 but decided this year to purchase an insurance policy for cyber liability exposure, said Bill Kostner, risk manager for the city.
The city has not had a major breach. "We have been fortunate," Kostner said.
But it is "prudent to have some protection. We don’t want to be held hostage,” he said.
Lancaster County commissioners looked at cyber insurance in previous years, but those products had too many exclusions and "didn't match what we needed,” said Sue Eckley, the county's risk manager. For example, until recently, coverage did not include a year of credit reporting for people whose information had been stolen.
Current coverage excludes acts of war, Wiltgen pointed out during board discussion of the policy. But it does cover acts of a foreign government, as long as the United States hasn’t declared war on them, he said.
Russia, China and North Korea are known for their hacking, he pointed out.
Governments can have two basic types of losses, Kostner explained.
There can be damage to a third party, including disclosure of employee information. There can be damage to the government itself, if a network is down or someone takes over a system and puts a ransom on it, he said.
County commissioners said they plan to talk with city staff about purchasing a joint policy in the future, since both governments share an information technology department.