The integration of technology in museums and cultural institutions has escalated their vulnerability to cyber attacks, as highlighted in a recent episode of The Insuring Cyber Podcast. Joshua Morin from The American Alliance of Museums emphasizes a proactive approach to cybersecurity, adopting a "when, not if" mindset. The concern stems from incidents such as the cyber attack on Gallery Systems, a software provider for U.S. art institutions, which compromised their ability to display digital works and manage internal documents. This attack underscores the trend of cybercriminals targeting key suppliers in the supply chain to access a broader pool of data.
Experts, including Anthony Dolce from The Hartford and John Farley from Gallagher’s cyber practice, point out that museums are not exempt from the radar of cyber threat actors, with the potential impacts of attacks reaching beyond financial loss to cultural and educational detriment. Museums’ role in public education and information sharing makes them susceptible to sophisticated spear phishing attacks, highlighting the importance of training staff to recognize and verify the authenticity of emails.
To mitigate these risks, implementing an incident response plan and considering cyber insurance are critical. Cyber insurance, in particular, is becoming a more discussed mitigation strategy, with expectations for more standalone policies tailored for museums and cultural institutions. As technology and interconnectivity grow, so does the complexity of managing cyber risks, making collaboration between museums, brokers, and underwriters essential in navigating the evolving cybersecurity landscape.