The funds will help pay for “cyber-attack remediation and hardening of the environment,” according to the city’s spending panel, the Board of Estimates, which is controlled by Mayor Bernard C. “Jack” Young.
The $6 million for information technology comes from a $65 million fund for recreation, parks and public facilities that allows use for “critical information technology infrastructure.” A city spokesman said the money was planned to be used for IT expenses.
Young said the city is also considering purchasing insurance against hacks.
The spending panel deferred voting Wednesday on a $835,000 contracting proposal to provide $20 million in cyber liability coverage.
Under the terms of the proposed contract, which was competitively bid, the first $10 million in the city’s coverage will be provided by Chubb Insurance at a cost of about $500,000. The second $10 million in coverage will be provided by AXA insurance at a cost of $335,000.
Young said the vote on the insurance was deferred because the other two elected officials on the spending panel ― City Council President Brandon Scott and Comptroller Joan Pratt ― hadn’t been briefed on the proposal.
“It’s something we really need, Young said. “We have to have that insurance.”
Baltimore’s budget office has estimated that the ransomware attack on city computers will cost at least $18.2 million — a combination of lost or delayed revenue and direct costs to restore systems.
It’s estimated the city’s information technology will spend about $10 million on recovery efforts by year’s end. The other $8.2 million in impact is from potential lost or delayed revenue, such as money from property taxes, real estate fees and some fines.
Lester Davis, a spokesman for Young, said the true cost might end up being smaller than the budget office’s estimation. He pointed out that systems for paying water bills and other city tickets and fines are now working, and money is flowing into the city again.
“This is one of the first directives the mayor gave,” Davis said of Young’s desire for anti-hacking insurance.
Baltimore’s government was struck in May by hackers who sought tens of thousands of dollars from the city after infiltrating computer systems and shutting down a majority of city servers. Young refused to pay, and the FBI is investigating the hack.
State and local government agencies have increasingly become victims of ransomware attacks, with the number exploding in 2016. Researchers have found that local governments often have poor defenses, and they present hackers with an attractive target.