Cybersecurity News: Insurance refuses to cover cyberattack claim due to lack of MFA

Hamilton’s cyber insurance claim was denied after a ransomware attack due to lack of MFA, highlighting the critical need for modern cybersecurity practices.

Patrick Pilotte

Patrick has over two decades of experience in IT and cybersecurity, specializing in server administration, infrastructure protection, and incident response. As Information Security Manager at Devolutions, he leads the company’s efforts to safeguard critical systems and ensure operational resilience. A Certified Incident Responder (eCIR), Patrick is also a recognized trainer, having delivered workshops and presentations at major events such as ITSEC and SecTor. Passionate about knowledge sharing, he is dedicated to developing the next generation of cybersecurity professionals and promoting best practices across the industry.

In February 2024, several government departments in the Canadian city of Hamilton, Ontario (about 45 miles/70 kilometers from Toronto) were hit by a ransomware attack in which attackers demanded $18.5 million. The good news is that the city was able to use secure and validated backups to restore essential services within 48 hours, and avoid the massive ransom payment. The bad news is that some non-essential services were down for weeks, ultimately costing the city millions.

Despite the huge disruption, officials had at least one positive thing to say to outraged citizens: the city’s cyber insurance policy would cover the multi-million dollar tab, and taxpayers wouldn’t be on the hook. Except…it turns out they are.

In late July 2025, officials announced that the city’s insurance company had denied its claim for a simple, yet staggering reason: many of the departments that were victimized in the attack did not use multi-factor authentication (MFA), and this was deemed to be a root cause.

In the aftermath of the cyberattack, the Mayor of Hamilton stated: “This has been a test of our system and a test of our leadership… We are owning it, we’re fixing it and we’re learning from it.”

Insight & advice from our Operations Security Specialist Patrick Pilotte:

There are indeed several things that the City of Hamilton, and many other organizations in the public and private sector, can learn from this costly incident. These include:

1 - MFA is no longer optional

Hamilton’s denied insurance claim highlights the risk of neglecting MFA. Beyond best practice, MFA is now a requirement for cyber insurance coverage and risk reduction.

2 - Prioritize immutable, off-site backups

Adopt encrypted, read-only backups stored off-site and conduct regular test restores. This was Hamilton’s saving grace and should be a baseline strategy for every organization.

3 - Incident response plans must be tested

A documented and tested plan is crucial for quick containment. Tabletop exercises ensure teams are ready to act with precision when an attack occurs.

4 - Leverage independent forensics

Third-party experts validate whether data was exfiltrated, uncover root causes, and provide credible reports for stakeholders. Their role is key in post-incident trust.

5 - Embrace a “Build Back Better” approach

Recovery is not just about restoring systems. It is also an opportunity to modernize, consolidate, and strengthen infrastructure for long-term resilience.

6 - Secure multi-year funding

Resilience requires sustained investment. Hamilton has since adopted a multi-year budget to ensure cybersecurity is treated as a strategic initiative, not a reactive fix.

7 - Transparency builds trust

Open, clear communication with employees, citizens, and leaders is vital. Honesty in crisis fosters trust — the cornerstone of resilience.

Final thoughts

Hamilton avoided paying a massive ransom thanks to solid backups, but faced steep costs when its insurance provider denied coverage due to missing MFA. The City’s response, rooted in containment and a commitment to “Build Back Better,” shows how resilience can be achieved through modernization, structured funding, and transparency.
