Cybersecurity Threats Continue to Target Public Entities

Phishing, vishing, SMiShing, and pharming – what does it all mean? All four terms refer to a type of cybersecurity attack – and together this group is the fastest-growing type of cybercrime.

VRSA understands that cybersecurity is not your organization’s top challenge or concern – and it shouldn’t be. However, as cybersecurity attacks continue to rise, it’s imperative to take steps to mitigate attacks – and to make sure you are covered.

VRSA has been providing cybersecurity protections to our members since 2012. Since that time, we have received more than 60 cyber losses totaling more than $700,000.

As cybersecurity threats grow more frequent and expensive, the global cyber insurance marketplace’s appetite for writing coverage has hardened, and scrutiny on in-place controls has increased.

This type of market volatility is why VRSA is here. VRSA was the first group self-insurance pool in the Commonwealth to provide cyber protections, and we continue to update our offerings to serve our members’ best interests.

As part of the VRSA difference, we offer our members robust training, services, and resources on cybersecurity.  Members have access to a cyber defense attorney to manage incidents and ensure our commitment to service is met.

Members also have access to tools and resources such as YourCISO, a cybersecurity application with a security health-check and sample incident response plans. The VRSA website provides information and resources on how members can develop in-place controls to reduce the likelihood or impact of a cybersecurity incident.

VRSA Director of Education and Training Thomas Bullock facilitated a panel discussion at the Virginia Municipal League 2021 Annual Conference on Cybersecurity: Ransomware.
VRSA’s Online University provides free, unlimited training courses on cybersecurity topics such as Preventing Phishing and Cybersecurity: Data Privacy and Safe Computing. And VRSA’s website includes resources such as cyber prevention measures for minimum, stronger, and best protections.  
VRSA Cybersecurity Counsel Darius Davenport discusses the importance of incident response plans and in-place controls at the VLGMA winter conference.

VRSA’s financial strength allows us to offer comprehensive cybersecurity protections with stable pricing to ease our members’ worries. VRSA’s cyber protections include first and third-party protections. We believe members should pay particular attention to their first-party coverages as all our related cyber incidents involved first-party protections.


  • Data breach expenses
  • Social engineering


  • Privacy liability
  • Network liability

What cybersecurity risk mitigation controls should be in place?

The following are minimum security standards. These standards are derived from the Cybersecurity & Infrastructure Security Agency (CISA) as well as cyber market applications. CISA is committed to leading the federal response to cybersecurity incidents and vulnerabilities. The CISA website contains information on services and resources for public bodies including cyber essentials, cyber hygiene services, tabletop exercises and more.

Minimum standards:

  • Cyber awareness training
  • Password complexity
  • Backups for key systems and databases
  • Firewalls
  • Multi-Factor Authentication (MFA) for remote access, laptops and privileged access
  • Patch management
  • Encryption while data is stored and in transit
  • Endpoint Detection & Response (EDR)
  • Secure Remote Desktop Protocol (RDP)
  • Active directory/service accounts
  • E-mail filtering

If your organization is lacking any of these mitigation controls, we encourage you to consider implementing these controls to reduce the likelihood/severity of an incident.

Helpful Links

For more information, please visit or contact your VRSA Member Services Representative.