•  
  •  
 

Abstract

In 2023, the Los Angeles Public Housing Authority was hit by the LockBit ransomware gang, which claimed to have exfiltrated 15 terabytes of data. In another incident, hackers impersonated a vendor and diverted nearly $1 million in housing funds from a second California agency. Public Housing Authorities (PHAs), which handle large amounts of sensitive data, are increasingly being targeted by cyberattacks. These attacks often exploit the weak cyber defenses and broad risk profiles of these relatively unsophisticated entities. With limited resources and few avenues for recovery, PHAs are left vulnerable to, and by, cyberattacks, threatening the vital services they provide. One potential solution to improving cyber resilience among PHAs is cyber insurance. However, the practical application of cyber insurance remains unclear, particularly in underexplored sectors like public housing. With limited actuarial data and constantly evolving cyber threats, insurers are reluctant to offer coverage. Even when coverage is available, cyber insurance policies tend to be expensive, have low limits and numerous exclusions, lack standardization, and are difficult for resource-constrained organizations like PHAs to interpret and navigate. This article seeks to clarify the specific cyber threats PHAs face, examine the barriers to insuring them against these threats, and explore the nuances of cyber policies as interpreted in the existing caselaw. Building on that foundation, it then proposes several recommendations for PHAs pursuing cyber coverage—from adopting best practices to navigating the uncertainties of policy language—in an effort to make cyber insurance more accessible and practical for these entities. Such proposals aim not only to strengthen PHAs’ digital resilience but also to enhance their capacity to withstand cyber incidents that threaten their vital operations and the vulnerable populations they serve.

First Page

133

Download

Included in

Law Commons

Share

COinS