Company 
Team 
Local Government Partners 
Case Study
Company News 
Team Member Spotlight 
Managed IT Services
Co-Managed 
Managed Security Services 
Data Backup + Disaster Recovery 
Compliance as a Service 
SharePoint
Power BI
Web Design + Hosting
Application Development
Businesses 
Municipalities 
Local Government Services 
Healthcare
Manufacturing
Aerospace and Defense
Case Studies
Guides
News
Events
Municipalities
Healthcare
Managed IT Services
Compliance
Cybersecurity
Relentlessly targeted by cyberattacks, municipalities are facing scary repercussions as a result of ransomware, malware, and malicious hacker behavior. It’s scary to contemplate what hackers can potentially do to municipalities.
In 2025:
- The City of St. Paul, Minnesota experienced a ransomware attack that disrupted municipal operations.
- A ransomware attack on the City of Gloversville, New York ended up costing them $400,000 in recovery costs.
- The City of Michigan City, Indiana experienced network disruption as a result of a ransomware attack.
- A ransomware gang attacked the Lakehaven Water and Sewer District in Washington State, leading to disruptions in its bill payment system.
Are these hackers primarily hacking past firewalls, security software, and software vulnerabilities? Actually, 95% of all successful attacks over the past two years started in email. That means hackers are using trickery—also known as social engineering—to get employees to click on suspicious links and attachments, give up usernames and passwords, and enter your systems.
Evolving Threats
After hundreds of major and minor data breaches over the past 10 years, hackers are more easily able to access user credentials. In addition to using social engineering tactics to trick employees, hackers can also find stolen credentials on the dark web and use those credentials to break into your systems. In many cases, other hackers have done the hard work already. With so many ways to steal user credentials, the risk of a breach continues to increase.
Hackers also continue to exploit software vulnerabilities and outdated operating systems through zero day vulnerabilities (vulnerabilities that no one has ever seen before) and going after soft targets—such as municipalities. Many municipalities do not have rigorous cybersecurity measures in place, a reliable data backup system, and IT support that proactively monitors systems. Cybercrime rings, for example, may use automated software to look for vulnerable organizations—many of which include municipalities.
Cyber threat detection has also become a bigger issue for all organizations. Once inside your systems, hackers often remain undetected for many, many months. According to IBM's 2025 Cost of a Data Breach Report, it took an average of 276 days for organizations to identify and contain a data breach. That’s a long time for a cyberattacker to be inside your systems.
Cyber Liability Insurance
As cyberattacks increase and become more financially damaging, cyber liability insurance premiums have gone up. Cyber insurance premiums have increased by 30 percent in 2025. This increase is largely driven by an increase in ransomware attacks and a failure of organizations to implement baseline cybersecurity tools such as multifactor authentication (MFA), endpoint detection and response (EDR), and offsite data backups. While cyber liability insurance remains incredibly valuable, its premiums can be lessened by demonstrating cybersecurity best practices.
A Framework to Help Fend Off Cyberattacks
The National Institute of Standards and Technology (NIST) has created a widely accepted framework that covers what organizations need as part of a cybersecurity strategy—and this framework is flexible enough to apply to even smaller municipalities.
Identify
This part of the framework focuses mostly on assessing your cybersecurity risks, understanding unique cyber threats to your organization, and developing a plan to secure your data.
Protect
Most organizations already have some level of cybersecurity protection. This part of the framework includes solutions to proactively identify weaknesses in your IT infrastructure and alert your city to security-related issues. Multi-factor authentication, spam filtering, and employee training all fall under this category.
Detect
Often overlooked by organizations, detection technologies such as EDR are used to detect suspicious network traffic or behavior.
Respond / Recover
Finally, a cybersecurity strategy needs solutions and processes that help mitigate the impact of a security incident such as data backups, an incident response plan, and cyber liability insurance.
Ready for Better Cybersecurity?
Cybersecurity moves fast. Are you ahead of the cyberattackers? Having a strategic, proactive IT partner will help you shore up cybersecurity gaps and prevent cyberattacks.
VC3 partners with over 1800 organizations across the United States and Canada to reduce their cybersecurity risks. A strategic technology partner can work with you to ensure that you do not suffer severe consequences from ransomware or another cyberattack.
We can assess your cybersecurity risks, outline what you need to secure your IT assets, and help you build a budget and roadmap to get there. Complete the form below and we’ll schedule a free cybersecurity consultation with you to learn more about your cybersecurity needs.
