A Once in a Generation Opportunity to Enhance Cybersecurity

Municipalities turn to VC3 when they have questions like, "Am I prepared for a ransomware attack?", "Do I have the right cybersecurity protections in place?", and "Is our sensitive and confidential information secure?"

It’s a tough environment out there for municipalities. If you’re afraid of a major cyberattack hitting your city or town, you’re not alone.

Web Content Filtering​ Employees

Municipalities are the most targeted sector by ransomware attacks.

Proactive, Long-Term View​

Municipalities are soft targets, often ill-equipped to defend themselves.

Increased Employee Productivity​

Cyberattacks cost cities lots of money.

cyber insurance

Without cybersecurity in place, a municipality could lose the ability to acquire cyber insurance.

Dark Web Detect

Cyberattacks cause severe legal, operational, and reputational repercussions to municipalities.

ARPA to the Rescue

On January 6, 2022, the Department of the Treasury published the Final Rule for the Coronavirus State and Local Fiscal Recovery Funds (Recovery Funds) portion of the American Rescue Plan (ARP). The Final Rule made it much easier for municipalities to use Recovery Funds for “government services,” loosely defined as “services traditionally provided by recipient governments […] unless Treasury has stated otherwise.”

This Final Rule expressly includes “modernization of cybersecurity, including hardware, software, and protection of critical infrastructure.”

Why It's Time to Act Now

You might have put off cybersecurity investments or assumed your current situation is fine. But the volume of cyberattacks and sophistication of cybercriminals continues to increase.

  • Cybersecurity is a critical infrastructure investment. You need a strong cybersecurity foundation to fend off cyberattacks, protect sensitive and confidential data, and ensure operational continuity.

  • The cost of cybersecurity services are a drop in the bucket relative to your overall ARPA funds. Compared to massive capital projects/investments (new roads, buying police vehicles, installing broadband, etc.), the cost of cybersecurity services is minimal. You can still fund many other projects while diverting a trickle of your funds to invest in cybersecurity.

Yes, You Can Use ARPA Funds for Recurring Services

Treasury and some municipal leagues are cautioning municipalities against using funds for recurring services. While well-intentioned, this guidance would only limit you to one-time purchases—which is not how addressing cybersecurity works. Because of the critical importance of addressing cybersecurity, there are many compelling reasons to address these needs with ARPA funds.

  • Precedent with operational maintenance: Like a new building or vehicle, you pay operational costs after the initial funding ends. Cybersecurity is not a one-time cost.

  • Subsidized services until 2026: It’s unheard of to get subsidized cybersecurity funding until 2026, yet that is the opportunity ARPA provides you.

  • Get ahead of laws and regulations: Laws, regulations, and mandates will eventually require heavier investments in cybersecurity. Pay for them now with ARPA funds, or later without them.


Any expenses must be obligated by December 31, 2024 and expended by December 31, 2026.

How VC3 Can Help

Cyber Assessments

Cyber Assessments

     For municipalities that:

  • Lack insight into their security vulnerabilities 
  • Have a cybersecurity strategy that is out of date
  • Must comply with regulatory mandates
  • Want to get cyber insurance and need help meeting requirements

Managed IT Services

     For municipalities that:

  • Lack proactive cybersecurity monitoring
  • Worry about cyberattackers exploiting vulnerabilities in their software
  • Want to protect against viruses, malware, and ransomware
  • Are not sure if they already have attackers inside their endpoint devices (server, desktop, laptop, etc.)
  • Don’t have a plan to respond to a cyberattack
Managed IT Services
Managed Security

Managed Security Services 

     For municipalities that:

  • Lack a cybersecurity strategy
  • Need protection against phishing attacks and social engineering attacks
  • Risk their users visiting malicious websites
  • Have attackers already inside their systems
  • Have attackers already inside an endpoint device (server, desktop, laptop, etc.)
  • Have had attackers steal user credentials and/or other sensitive information
  • Lack alerts that let them know a cyberattack is taking place

Data Backup + Disaster Recovery

     For Municipalities that:

  • Need to prevent permanent data loss due to cyberattacks 
  • Need recovery plans for major incidents such as natural disasters and ransomware 
  • Need to become operational within hours, not days or weeks, after an incident
  • Need real-time monitoring to quickly address data backup issues
Data Backup + Disaster Recovery

VC3 is a Leader in the Municipal Cybersecurity Space

8 Municipal Leagues

Endorse VC3

1,100+ Municipalities

Trust VC3

28+ Years

of Experience Serving Municipalities

“Quality, outstanding customer service that fits with the mission and values of the association.”

“The Municipal Association of South Carolina created a strategic alliance with VC3 in 1999 to provide much needed and requested IT services to our member cities and towns. Our alliance has grown only stronger over the years. VC3’s philosophy of providing quality products and outstanding customer service fits perfectly with the mission and values of the Association.” 

▸ Municipal Association of South Carolina

Take Action Today

If you have questions about APRA funds, your specific cybersecurity needs, and how VC3 can help, contact us today through the form below.