A ransomware attack on a school district in upstate New York delayed the start of the year due to impeded operations. This problem is all too familiar with municipalities across the country, giving rise to a troubling trend—just this summer, a host of cities in Texas were victims of what has been described as a “coordinated” ransomware attack.

 Instead of homing in on bigger companies that hold troves of personal data, smaller organizations have become increasingly at risk as cybercriminals shift their focus. Our 2019 report, “Identities in the Wild: The Long Tail of Small Breaches,” found a 424% increase in breaches from 2017 to 2018, primarily due to “unsophisticated and unsecured” small businesses—previously deemed too small—being caught in the crosshairs, failing to keep up with ever-evolving hackers. Smaller cities may not have the resources to prioritize cybersecurity, and bad actors have taken notice.