The Hubris of "Comfort"
Why Sherman’s Public Rejection of Cyber Insurance is an Invitation to Disaster
There is a basic rule in municipal security: you do not broadcast your vulnerabilities. Yet, the administration of Sherman, Connecticut, recently did exactly that. This wasn't a leaked memo or a casual hallway conversation. According to the official Board of Selectmen agenda for March 26, 2026, "Cyber Insurance Premiums" was slated for public discussion. Town leadership evaluated the costs and formally decided to drop the municipality's coverage. Days later, buried in the April 2nd edition of the Town Tribune, they essentially printed a prospectus for international ransomware syndicates.
The revelation came disguised as a mundane bureaucratic update. Following that late-March discussion, it was noted that the town’s IT provider believes cyber insurance is unnecessary, relying instead on existing network safeguards. The report concluded with a remarkably casual note: "Both Mr. Lowe and Selectman Bob Ostrosky were comfortable with the assessment."
To a taxpayer, this might read like fiscal prudence. To a bad actor, it is a verified vulnerability. A municipal government—currently preparing an $18 million operating budget and funneling another $50 million into a massive school construction project—just confirmed it is operating without a net.
The Target on Sherman
Why municipal ransomware is an escalating, lucrative business:
- A Surging Threat: Ransomware attacks against government entities spiked 235.4% over the last year.
- Total Paralysis: Encryption freezes critical civic apparatus, from police dispatch to tax collection.
- A Lucrative Mark: Sherman is currently moving over $68 million in active ledgers, making the town a highly attractive target.
The Illusion of Safeguards
First Selectman Don Lowe’s "comfort" with this assessment exposes a severe misunderstanding of modern digital warfare. Claiming a town does not need cyber insurance because it has IT safeguards is the equivalent of canceling the fire insurance on Town Hall because you bought a dozen fire extinguishers.
No IT provider can guarantee that a well-meaning municipal clerk won’t click a highly targeted spear-phishing link. A firewall cannot preemptively neutralize a zero-day vulnerability buried in third-party software. In the current landscape, cyber insurance is not a luxury; it is the absolute baseline of fiduciary responsibility.
The threat facing Sherman isn't theoretical. Across the country, small municipalities are actively hunted by ransomware gangs because their digital infrastructure is notoriously porous, and eventually, they are forced to pay. When a town’s servers are encrypted, the civic apparatus stops. Police cannot access dispatch records. The tax collector cannot process payments. Town Hall is paralyzed. And because Sherman is currently moving tens of millions of dollars through its ledgers for the school renovation, the town is a highly lucrative mark.
An Uncapped Liability
This forces a harsh calculation. If the town's network is compromised tomorrow, the liability is entirely uncapped.
The Taxpayer's Burden
Over the last three years, ransomware attacks on U.S. government organizations have inflicted an estimated $52.88 billion in damages. When a municipality is breached without coverage, the fallout includes:
- The Ransom: Extortion funds demanded by international syndicates to decrypt town servers.
- Forensic Scrubbing: Specialized cybersecurity firms charging thousands per hour, pushing the mean municipal recovery cost to $2.83 million in 2024.
- Total Reconstruction: The ground-up rebuild of Sherman’s entire digital infrastructure.
The math is unforgiving. Over the past three years alone, 246 ransomware attacks have struck U.S. government organizations, inflicting an estimated $52.88 billion in damages. The mean cost for a state or local government to recover from an attack in 2024 was $2.83 million—more than double the $1.21 million average reported in 2023.
The threat is accelerating. Between April 2024 and April 2025, ransomware attacks against government entities more than tripled, marking a 235.4 percent year-over-year spike. In the first five weeks of 2025 alone, attacks surged by 149 percent.
When the town is hit, where does the ransom money come from? Who pays the forensic cybersecurity firms charging thousands of dollars an hour to scrub the servers? Who finances the total reconstruction of Sherman’s digital infrastructure from scratch?
The IT provider who offered this optimistic assessment won't be paying the bill. The money will be drafted directly from the pockets of Sherman taxpayers.
When an administration manages tens of millions in public funds, dropping catastrophic coverage isn't a cost-saving measure. It is municipal malpractice. The Town Tribune dutifully printed this admission without interrogating the risk, treating a systemic vulnerability as a footnote. But taxpayers need to understand exactly what is at stake before they vote on this budget. The First Selectman may be "comfortable" operating without a net, but when the system crashes, the taxpayers are the ones who will hit the ground.
Sources & Further Reading
- Zscaler ThreatLabz: Ransomware's Impact on the Public Sector in 2025
- Breached.Company: The Cyber Siege: How Ransomware is Crippling America's Cities and Towns