Government Cybersecurity Alert: KnowBe4 Maps The Human Risk Problem In Public Agencies

The Headache In Carolina Beach

A coastal town in North Carolina found out just how costly cyberattacks can be, and it put government cybersecurity in the spotlight. Carolina Beach reported that thieves stole $487,994.80 from town funds in two separate incidents. According to Port City Daily, the losses affected both the enterprise and general funds. Town leaders spoke openly about the impact. “This has been a soul-crushing experience for our staff of career public servants,” Mayor Lynn Barbee told Port City Daily. Officials said the town’s cyber insurance covered up to $25,000. The remaining losses were covered by shifting internal funds and making budget adjustments.

The Carolina Beach incident may sound like a local scandal, but it reflects a national trend in government cybersecurity. Attackers now target payments, identities, and trust, not just files. They take advantage of process gaps during system updates. Carolina Beach officials said they were updating controls after a National Guard review. They also improved payment checks and added multi-factor authentication, according to Port City Daily. Timing matters because transitions can create vulnerabilities. Staff also feel pressure to keep services running smoothly.

Threat Actors Target People Before Systems

A new KnowBe4 white paper, “Securing the Public Sector at Scale: How Unified Human Risk Management Drives Cyber Resilience,” describes the public sector as a high-pressure target. It notes “advanced threat activity, chronic staffing shortages, and a rapidly expanding regulatory environment.” The report also says attackers have shifted “toward the human layer.” It highlights phishing, credential compromise, and “identity-driven attack paths” that can get around strong security settings.

KnowBe4 points out the usual threats: ransomware, phishing, and business email compromise. The report also emphasizes more precise tactics. It says modern phishing can copy trusted messages and impersonate leaders. It also notes that BEC now uses “behavioral profiling and AI-generated pretexting.” The main point is clear: “Human behavior remains the #1 attack surface,” the paper says.

The risks appear in city financial records. A fake vendor change request can quickly move money. One rushed click can give away credentials. A tired employee might approve an urgent wire transfer. These actions may seem minor at the time, but they can lead to major losses.

Local Governments Carry A Heavy Share Of Ransomware

KnowBe4 refers to the 2025 Verizon Data Breach Investigations Report for a key statistic. The paper says local governments made up about 43% of ransomware victims in 2025. This figure is significant for insurers, brokers, and taxpayers. Local agencies handle payroll, utilities, permits, and public safety systems, all of which need to stay online. Attackers know how important these services are.

Schools also feel the pressure. Districts keep student and staff records. Universities operate open networks and handle large amounts of email. The report sees both education and government as common targets.

KnowBe4’s press release shares this perspective. It describes threats as “unrelenting” for both government and education. The release also mentions ongoing staffing shortages and compliance challenges. CEO Bryan Palma explained the mission in practical terms. “The public sector manages vast amounts of sensitive data,” he said. He also pointed to “limited budgets and resources,” as well as threats from nation-state actors.

Small Teams Face Big Compliance And Tool Sprawl

The white paper also talks about staffing problems. It says many public agencies struggle to hire or keep cybersecurity experts. Some teams are reduced to just one administrator. Even then, they still have to manage identity systems, monitoring, incident response, and audit requirements.

At the same time, compliance requirements are growing. The paper lists FedRAMP, FISMA, NIST 800-53, and CISA Zero Trust for federal agencies. It also mentions CJIS, IRS 1075, HIPAA, and NIST CSF for state and local agencies. The report says each framework needs “auditable evidence,” not just yearly check-ins. Manual tracking can overwhelm teams, and spreadsheets often fail under close review.

Having too many separate tools slows things down. The report says many agencies use disconnected systems for filtering, training, triage, DLP, and incident response. As a result, alerts are scattered across different dashboards. User-reported phishing also builds up for manual review. The paper adds that older secure email gateways often miss identity-based attacks.

Automation And Microsoft 365 Become The Center Of Gravity

KnowBe4 notes in Securing the Public Sector: “Automation is no longer optional.” The report recommends using automation for triage, remediation workflows, and compliance reporting. It also calls for ongoing training reinforcement.

The report also takes a practical approach. It says Microsoft 365 is the most widely used productivity and security platform in the public sector. The report suggests that improving M365 is faster than adding unrelated tools. This idea will appeal to cyber insurance underwriters, who want consistent controls, proof of training, and quick response times.

KnowBe4’s main message is about having a unified platform. It describes email defenses that use behavioral AI to spot phishing and impersonation. The platform also offers outbound protection to prevent misdirected emails and incorrect attachments. The report says it includes encryption and DLP rules that match CJIS, IRS 1075, and HIPAA requirements.

Training Shifts From Annual Videos To Continuous Coaching

The paper also looks at workforce training. It describes training based on job roles and targeted simulations. It highlights “just-in-time nudges” when users do something risky. The report also mentions automated phishing analysis for user-reported messages, using AI and threat intelligence.

KnowBe4’s press release includes a city-level endorsement that fits the theme. “Any fault in our technology or error from our staff could impact thousands of city residents,” said Hossam Reziqa, CIO for the City of Daytona Beach. He added, “KnowBe4 is, hands down, one of the best platforms to train users on emerging threats.”

For insurers, that quote highlights a key risk. Municipal risk often comes from everyday actions and payment controls. Carolina Beach officials said they plan to add more approval steps and verbal verification, according to Port City Daily. These steps can be more important than buying new technology.

What This Means For Cyber Insurance and Government Cybersecurity

Carolina Beach’s $25,000 insurance cap is common for brokers. Many small towns choose low coverage limits and usually face higher costs after making claims. Higher limits can help, but better controls can also reduce the risk of a claim.

KnowBe4’s paper encourages leaders and auditors to provide measurable evidence. Underwriters look for the same proof. They want to see MFA adoption rates, phishing click statistics, incident response times, and controls for vendor payments and callback procedures.

Today, the market sees government cybersecurity as a cultural effort supported by technology. The paper’s main message is clear: agencies need simple, visible, and automated solutions to defend against attacks that target people.
