Municipal Ransomware Attacks: Legal Planning for Vulnerabilities, Strategies for Protection and Response

Cost Shifting Through Vendor and Consulting Agreements, Insurance

This program has been cancelled

A live 90-minute CLE webinar with interactive Q&A

Tuesday, October 15, 2019

1:00pm-2:30pm EDT, 10:00am-11:30am PDT

This CLE webinar will alert municipal counsel to the high risk and extremely costly threat of ransomware attacks, explain strategies to respond to an attack, and outline steps to reduce the likelihood and mitigate the cost of such an attack. This panel will focus on what lawyers can do to help support cyber preparedness and response strategies.


Municipalities of every size--from large metropolitan areas like Atlanta and Baltimore to smaller communities like Cockrell Hill, Tex., or Riviera Beach, Fla.,--are battling ransomware cyberattacks. In a ransomware attack, the hacker locks up some or all of a computer network and demands payment for a code to unlock it. During a ransomware attack, lawyers are asked to help cities to decide whether to pay this ransom.

Law enforcement agencies almost uniformly advise against payment. One argument is the chance that the unlock code won't work or fix the system. Further, once a municipality pays a ransom, that city and others face increased vulnerability to other ransom attacks. However, most ransom demands are lower than the cost of a system replacement and rebuild, making payment both tempting and arguably fiscally wise.

Advance legal planning can limit the likelihood and cost of a ransomware attack and provide a strong foundation to mitigate damage from an attack and make a decision on whether to pay a ransom. Agreements with hardware and software providers and outside consultants to address system vulnerability can shift the cost burden and minimize risk, as can various insurance products. Counsel should become aware of cybersecurity measures that meet or exceed industry standards of care.

Listen as this panel, experienced with such attacks, identifies the parameters of the known risk of ransomware and discusses how municipal counsel can aid clients in minimizing the occurrence and impact of those risks.



  1. Ransomware attacks
    1. The extent of attack (limited or total)
    2. Frequency and lack of a limit on target size and type
  2. Ransom payments
    1. Arguments for
    2. Arguments against
  3. Prevention and mitigation of cost
    1. Contractual provisions with software, hardware, and consulting service providers
    2. Insurance
    3. System set up issues


The panel will review these and other noteworthy issues:

  • How counsel to local governments can guide clients in planning for, avoiding, and minimizing the impact of ransomware attacks
  • Factors for and against paying a ransom
  • Advance steps to minimize the risk and impact of an attack


Hadley, Roy
Roy E. Hadley, Jr.

Special Counsel
Adams and Reese

For more than 30 years, Mr. Hadley has been a trusted advisor to high growth businesses, governments, and...  |  Read More

Additional faculty
to be announced.