KnowBe4 Finds State and Local Governments Struggle to Defend Against Ransomware and Business Email Compromise

KnowBe4 releases The Economic Impact of Cyber Attacks on Municipalities report and finds sectors struggle to defend themselves against cyber attacks due to lack of support

News provided by
KnowBe4, Inc.
March 30, 2023 11:40 Korea Standard Time

TAMPA BAY, FLA.--(Business Wire / Korea Newswire)--KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, released a new report showing the continued impact cyber crime is having on state and local governments entitled “The Economic Impact of Cyber Attacks on Municipalities”.

KnowBe4’s report details the financial costs, reputational effects, level of public trust and other impact cyber attacks have on municipalities. The report breaks down the impact cyber attacks have into five target areas: the average financial loss from state and local governments, the denial of service to citizens due to financial loss, the frequency/types of attacks and the risk of recurring attacks, the challenge of allocating capital to prevent attacks and the decline of economic investment in municipalities.

Additionally, the new reports revealed ransomware continues to plague municipalities in all industry sectors. Business email compromise (BEC) attacks were also proven to be one of the most lucrative forms of cyber attacks in 2022, generating billions of dollars lost across all sectors and increasing across all sectors by 175%, with an 81% surge in 2022. State and local governments are particularly vulnerable to these attacks due to government transparency laws which allow cyber criminals to more easily tailor their attack to the victim.

Key findings from the report include:

· Many municipality cybersecurity budgets are underfunded or do not exist at all. According to the National Association of State Chief Information Officers (NASCIO), most state cybersecurity budgets are between 0% and 3% of their overall IT budget. Additionally, only 18 states have a cybersecurity budget line-item and only 16% of states reported a budget increase of 10% or greater since 2018.

· The 2022 IC3 Report reveals that in 2022, BEC attacks generated a total of $2,742,354,049 in losses across sectors, an increase of $346 million from 2021, and $875 million from 2020.

· There are 1.7 million ransomware attacks every day, which means 19 ransomware attacks every second. Cybersecurity Ventures predicts that by 2031, ransomware will cost victims $265 billion annually, and it will attack a business, consumer or device every 2 seconds.

· Ransomware attacks on state and local governments last an average of 7.3 days. Down time alone generates an average loss of $64,645.

In addition to state and local governments, educational institutions are also prime targets and victims of cyber attacks. In 2022, ransomware impacted nearly double the amount of universities and colleges than it did in 2021. Moody’s, which began tracking school districts in 2018, reports that the rates at which school districts are targeted has increased “exponentially”.

“Despite the many statistics and reports that detail the devastating losses caused from ransomware, business email compromise and other cyber attacks, many municipalities still find themselves underprepared for these threats,” said Stu Sjouwerman, CEO, KnowBe4. “Regardless of budget or size, the best way for all industry sectors to defend themselves against the threat of cyber attacks is to educate employees with new-school security awareness training and learn to develop a healthy skepticism of messages from even known contacts. Major municipality targets such as local and state governments and education and healthcare institutions are the backbone of civil service and society. Trained employees are essential to support IT teams, strengthen security culture and create a human firewall as the last line of defense to protect industries across the board, especially the municipality sectors we rely on everyday.”

To download The Economic Impact of Cyber Attacks on Municipalities report, visit

To download KnowBe4’s Ransomware Hostage Rescue Manual, visit

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 56,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

View source version on


View Korean version of this release


KnowBe4, Inc.
Kathy Wattman
Public Relations
(727) 474-9950

This is a news release distributed by Korea Newswire on behalf of this company.