Cities are easy prey for cybercriminals. Here’s how they can fight back

internet cyber

(NASA, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum. Author: Robert Muggah, Principal, SecDev Group & Marc Goodman, Founder, Future Crimes Institute
Make no mistake: the world is in the early stages of a techno-war against city governments and urban infrastructure. And while some cities have bolstered their capabilities to patch their vulnerabilities, they are entirely unprepared for the scale of cyberthreats that are coming.
 
Digital strikes are already coming hard and fast. In 2018, a massive ransomware attack launched by Iranian hackers shuttered Atlanta’s city hall for five days. This, the largest cyber breach recorded by a US city, disrupted police services, the processing of court cases, payment of parking tickets, business licenses and water bills, and even the nation’s busiest airport. In Baltimore, ransomware attacks in 2018 and 2019 shut down most of the city’s servers and paralyzed its 911 emergency call centre. And it’s not just big US cities on the front-line. Hundreds of smaller ones have paid hundreds of thousands of dollars in bitcoin ransoms to regain access to their own systems, including 22 towns in Texas last month.
The scope of the cyber threat to cities is becoming clearer. According to industry experts, more than 70 percent all reported ransomware attacks in the U.S. target state and local governments. At least 180 public safety call centers were also targeted in the last two years. Cyber criminals are deploying distributed denial of service attacks, ransomware and other off-the-shelf hacker tools to interrupt and burgle municipal networks. Their digital arsenals are sourced from the Deep Web and their weapons are fully automated, meaning attacks can run 24/7. The impacts of the cyber threat should not be taken lightly.
Lloyds estimates that New York city alone could face over $2.3 billion in cyber-related losses in 2020. Given their snowballing deficits, cities can ill afford the burgeoning costs of these digital incursions.
The economic cost of cybercrime has rocketed over the past year
The economic cost of cybercrime has rocketed over the past year
Image: Statista; FBI; IC3; US Department of Justice
Cyberattacks are not confined to US cities, of course. Virtually all cities large and small have to deal with looming digital disruption. In just the past few year ransomware was used to disrupt the municipal tram system in Dublin, to jam air traffic control and railway ticketing systems in Stockholm, and to shake-down power plants from Johannesburg to Hyderabad. While one might expect these attacks would have set off alarm bells for mayors, city councils and governors, not much has changed.

Why are cities so vulnerable?

One major reason cities have become targets for cybercriminals is because they are lagging far behind the digital revolution. Many of the underlying technologies running their critical infrastructure are outdated. City authorities often lack the skills to upgrade their systems. The brightest minds in tech rarely choose to work for cities, utilities or airports. Instead, they flock to Amazon, Facebook and Google where they earn many times the salary offered in the public sector.
As bad as things are now, technological acceleration could make things dramatically worse. While smart cities, connected homes and intelligent infrastructure will bring certain advantages, their complexity and ubiquity are a hazard for cities.
To date, most city hacks have occurred in “dumb cities”, meaning those that are not yet digitally wired – so imagine the kind of havoc that will ensue when hackers target intelligent transportation networks and traffic flow management systems. In the not so distant future, intelligent roadways – cars that interact with streetlights, ambulances, police cars and fire-trucks – will be widespread. In these environments, cyberattacks won’t just be inconvenient, they will produce pandemonium and ultimately loss of life.
When it comes to digital security, there is very little direction (or funding) being provided by national authorities to nudge states, counties and cities in the right direction. Instead, cities are flooded with technology vendors dressing-up their smart city offerings and touting their economic potential to neighborhoods and residents. There are powerful incentives for them to sell their wares. A study by McKinsey estimated the IoT alone could generate over $11 trillion in economic activity by 2025. In the rush to cash in, private firms are pressing municipalities to build out their infrastructure as quickly as possible but without safeguards to ensure they coexist with existing systems or are regularly updated, patched and protected to the standard required to maintain public safety.

How can cities protect themselves from digital infiltration and disruption?

While traditional crime fighting will continue to demand the attention of leaders and law enforcement agencies, the growth in cyberthreats can no longer be ignored. City and state leaders must adopt a digital security mindset. This means having contingency and disaster plans in place before the next smart-city emergency arises. Just as San Francisco has prepared for earthquakes for decades and Tokyo for tsunamis, so too must cyber-resilience and safety become a core component of disaster response plans for all cities.
Second, city executives have to assume a leadership role in ensuring the digital safety and security of their constituents, and not merely delegate this role to an underling. According to the International City and County Management Association, roughly 60% of municipal technology officials cite a lack of support from their elected officials and top appointees for their city’s poor cybersecurity. Digital security is not only about hardware and software. It is about adopting a comprehensive whole-of-city approach. Security must be conceived as an essential priority, something that is designed into every element of the urban infrastructure, not merely introduced as an afterthought. It requires developing the rules, regulations, procedures and budgets for city authorities, businesses and residents to prepare and respond to digital threats when and after they inevitably occur.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.
Platform activities focus on three main challenges:
Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.
The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.
For more information, please contact info@c4c-weforum.org.
Third, city authorities need to recruit the right personnel. In order to keep cities safe in the 5G era, public sector executives have to attract the right talent – including coders, engineers and cybersecurity experts. The appointment of empowered information security officers is critical, as is ongoing training and research. So too is a return to basics. In nearly all of the cyberattacks against our cities, a common theme repeats itself: human error and a failure to implement acknowledged best practices such as software patching, correct firewall configuration, frequent and redundant backups, and use of multi-factor authentication for logons. The overwhelming majority of attacks could be prevented with these changes alone.
Fourth, cities can go on the offensive and help incubate crowdsourced solutions to real and unexpected security threats. Making data publicly available is the first step; data that scientists, researchers and residents can use to help drive innovation and security in our urban spaces. Helping incentivize competitions and hackathons to develop solutions for expected and unexpected digital challenges are others. Partnerships, including with non-profit groups like Code for America, are worthwhile. So too are ‘bug bounty’ programmes that reward ethical hackers who uncover – and report – software security flaws. Crowdsourced cybersecurity and incentive competitions can bring global talent to any municipality, at greatly reduced costs. Supporting digital innovation ecosystems not only bolsters local capacity, it reduces reliance on outside vendors.
Fifth, cities need to initiate a conversation about the kinds of national, state and municipal rules and regulations required to meet the minimum digital security standards with the roll-out of new systems and devices. California recently passed data privacy and digital security legislation requiring all devices sold in the state to possess ‘reasonable’ security features designed to prevent unauthorized access, modification, or information disclosure. Cities would do well to share their experiences, but they must also look to the private sector for inspiration. Smart factories, for example, are very careful about protecting their intellectual property, building in systems of control that limit the possibility of technical, and human error and malfeasance. Many of these ideas could useful inform how the connected city secures itself.
As the world hurtles toward a hyper-connected future, some cities will thrive and others will fall behind. Many cities will struggle to pay for digital upgrades and security because they are already freighted with debt and unfunded liabilities. Some cities are (and will be) forced to sell off their public infrastructure at dizzying discounts, depriving the public of fair compensation of their true value. It is likely that large tech firms will play a growing role in privatizing city functions such as digital and physical infrastructure (as Google’s Sidewalk Labs has started doing in Toronto). There is a real possibility that the next generation of cities will be digitally fenced off, designing in security only for those who can afford to live there.
More positively, the rapid spread and lowered cost of new technologies means that some fast-growing cities in emerging markets may benefit from second-mover advantage. Cities across Asia and Africa are already skipping legacy systems – fixed landlines and railways, for example – and leapfrogging to newer, more efficient and cheaper options. Nairobi, for example, has transitioned rapidly to the use of digital currencies such as M-Pesa for its previously unbanked population and has essentially shifted to wireless systems rather than landline phones. The lowered cost of development and deployment mean that more and more cities in emerging economies can potentially avoid making the mistakes of their counterparts, while improving services to their constituents.
Cities need to adjust their priorities to the realities of a networked urban landscape before disaster strikes. While the conveniences of smart cities are enticing, they must be balanced carefully against the known risks. Given the very high likelihood of attack, metropolitan cybersecurity should be a priority for elected officials and policymakers, matched with the resources to build the right protections. Recognizing the precariousness of our situation is the first step. Attracting the best and brightest to public service is essential. So too is a broad discussion about the future security of our cities. The time to protect them is now, before another 50 billion hackable, un-patchable and un-upgradeable devices are added to the world’s digital grid. Because once that happens, there will be few if any options to go back and fix the mistakes we’ve made.

Discover more from The European Sting - Critical News & Insights on European Politics, Economy, Foreign Affairs, Business & Technology - europeansting.com

Subscribe to get the latest posts sent to your email.

Interesting reads

This article is published in association with United Nations.

US-Iran war: Renewed attacks in Strait of Hormuz prompts another global energy alert

This article is published in association with United Nations. Renewed attacks on shipping in the Strait of Hormuz unsettled energy markets on Wednesday and prompted calls from the UN maritime agency, IMO, for “maximum restraint and de-escalation”. Amid reports that three merchant vessels were hit along with Iranian targets, IMO Secretary-General Arsenio Dominguez condemned “reckless attacks” […]
This article is published in association with United Nations.

When AI hurts people, who’s to blame? Global experts grapple with accountability

This article is published in association with United Nations. Who is legally responsible when Artificial Intelligence causes harm? The issue took centre stage on Tuesday – day two of the first ever UN summit on AI governance, where leading experts warned of mounting evidence of human rights violations linked to the revolutionary technology. “Across 11 Global […]
UN News Humanitarian conditions in the Gaza Strip remain dire, with families in urgent need of shelter, healthcare and food.

Occupied Palestinian Territory: Aid restrictions in Gaza, ‘senseless’ infant deaths in the West Bank

This article is published in association with United Nations. Ongoing restrictions and closures of border crossings continue to hamper delivery of critical supplies into the Gaza Strip, amid mounting concern for children there and in the West Bank, the United Nations said on Monday.  UN teams in Gaza continued to collect food and fuel from the Kerem […]
About the author Sadia Khalid is a Scientist-Physician (MBBS, MD) at Tallinn University of Technology. She is driven by a commitment to advance public health and scientific understanding. With research interests spanning molecular medicine, infectious diseases, bacteriology, hepatology, and gastroenterology, she aims to contribute meaningful, evidence-based insights that support health, safety, and community awareness.

Heat, Flood, Fire: The Climate Crisis and the Body

This article was exclusively written for The European Sting by Ms. Sadia Khalid, a Scientist-Physician (MBBS, MD) at Tallinn University of Technologye. She is affiliated with the International Federation of Medical Students Associations (IFMSA), cordial partner of The Sting. The opinions expressed in this piece belong strictly to the writer and do not necessarily reflect IFMSA’s view on […]
UN Ukraine The aftermath of a Russian missile and drone attack on Kyiv in May 2026.

Civilian dangers multiply as drones transform Ukraine’s battlefield

This article is published in association with United Nations. As drones reshape the battlefield in Ukraine, they are also creating new and increasingly complex dangers for civilians, threatening recovery efforts, agriculture and global food security long after the fighting ends. “The battlespace has become a lot deeper, a lot wider and a lot more lethal,” Paul […]
© WHO/PAHO PAHO has mobilised emergency health supplies from its Strategic Reserve in Panama following the earthquakes that struck the country on 24 June.

Venezuela’s earthquake-hit hospitals pushed to the brink as disease risk grows

This article is published in association with United Nations. A week after earthquakes tore through northern Venezuela, hospitals in La Guaira are buckling under the weight of the disaster – and the risk of disease outbreaks in shelters is rising fast. An assessment by the UN-backed Pan American Health Organization (PAHO) found that all eight health […]
Venezuela earthquake disaster: needs ‘skyrocketing’, say relief agencies

Venezuela earthquake disaster: needs ‘skyrocketing’, say relief agencies

This article is published in association with United Nations. In Venezuela, a rescue operation in La Guaira has succeeded in getting a toddler out alive from under the rubble, six days since the double-earthquake disaster. The miraculous story of the three-year-old’s rescue in the worst-hit northern region came as tens of thousands of people remained without […]
© WFP/Maxime Le Lijour Much of Gaza will need rebuilding after the war with Israel.

Despite record $100 million shortfall, Palestine relief agency still ‘a critical platform’ for Gaza recovery

This article is published in association with United Nations. The UN agency serving 5.9 million Palestine refugees, UNRWA, continues to strive to deliver on its mandate while facing an unprecedented $100 million budget shortfall, a gap it hopes to narrow during Tuesday’s pledging conference at UN Headquarters. Operating primarily on voluntary donations since its inception in the […]
© UNOCHA Sloviansk in eastern Ukraine has been regularly attacked with aerial bombs and drones.

UN details humanitarian toll of strikes on Ukrainian power industry

This article is published in association with United Nations. Missile and drone attacks killed at least a dozen civilians in Russia and Ukraine over the weekend as both countries continue to launch long-range drone strikes. Tweet URL Ukrainian authorities reported eight civilians killed and 35 others wounded in Russian attacks on the city of Dnipro on […]
Photo credit: Luis Garcia The UN System is present in La Guaira, the region most severely affected by the devastating twin earthquakes that struck Venezuela.

Venezuela earthquakes leave 680,000 children in need of assistance: UNICEF

This article is published in association with United Nations. Some 680,000 children are among the 1.8 million people in need of humanitarian assistance following the earthquakes that struck Venezuela on 24 June, the UN child rights agency UNICEF reported on Sunday as rescue efforts continue. Damage to hospitals, schools, and water systems is exacerbating the situation for affected families, […]
This article is published in association with United Nations.

Europe heatwave breaks records as UN agencies ramp up health warnings

This article is published in association with United Nations. Climate and Environment As a record-breaking heatwave grips large parts of Europe, the World Meteorological Organization (WMO), national weather services and partners are mobilising heat-health action plans for millions of people facing dangerous temperatures.  The extreme heat is also impacting economic activities, infrastructure, agriculture and ecosystems, the UN weather […]
© Unsplash/Angus Gray Ship transits through the Strait of Hormuz have dropped by over 90 per cent since the crisis escalated in late February 2026.

Stranded Hormuz seafarers begin mass evacuation operation

This article is published in association with United Nations. As the UN International Maritime Organization (IMO) released more details of its plan to evacuate more than 11,000 seafarers stranded in the Strait of Hormuz, one mariner caught up in the emergency has described the ever-present fear of coming under attack. “You don’t know when the war […]
© Unsplash/Angus Gray Ship transits through the Strait of Hormuz have dropped by over 90 per cent since the crisis escalated in late February 2026.

World News in Brief: UN launches Hormuz evacuation plan, UNICEF youth champion killed in Gaza, Lebanon ceasefire ‘largely holding’

This article is published in association with United Nations. The International Maritime Organization (IMO) will begin implementing an evacuation plan for more than 11,000 seafarers stranded in the Strait of Hormuz, the UN agency announced on Tuesday. The development follows months of hardship and distress for thousands of innocent seafarers and comes on the heels of […]
© Unsplash/Michu Đăng Quang The emissions from electricity or gasoline that power air conditioners contribute to global warming. "It's time to come clean" and do more to promote renewable energy, the UN Secretary-General told the London Climate Action Week.

Climate crisis: UN chief lays out solutions blueprint for clean energy transition

This article is published in association with United Nations. As a deadly heatwave continued to grip Europe on Tuesday, UN Secretary-General António Guterres issued an impassioned appeal for more ambitious global action on climate change caused by fossil fuels, to prevent irreversible damage. In a major keynote speech at London Climate Action Week, the UN chief […]

Libya’s political process regains momentum, but window for action is narrowing, UN envoy warns

This article is published in association with United Nations. Libya has been mired in political dysfunction since the collapse of Muammar Gaddafi’s regime in 2011, which shattered State institutions and triggered recurring struggles over legitimacy and power.  The country’s current stalemate pits the UN-recognised Government of National Unity in the capital Tripoli against eastern-based authorities backed […]
© UNICEF Chad hosts refugees from conflicts in neighbouring Sudan, the Central African Republic and Cameroon.

World Refugee Day: UN calls for renewed commitment and solidarity

This article is published in association with United Nations. The UN High Commissioner for Refugees has called on the international community to strengthen support for the nearly 42 million people worldwide who have fled their home countries to escape conflict, violence or persecution. Barham Salih highlighted the contributions refugees make to their host communities as workers, students, neighbours, […]
© WFP/Htet Oo Linn Families in Myanmar have been hit hard by rising prices, with the most vulnerable struggling to meet their daily needs.

US makes $1 billion contribution to UN child rights and food agencies

This article is published in association with United Nations. Two United Nations agencies have together welcomed more than $1 billion in assistance from the United States to support their operations targeting millions of children and hungry families in more than 40 countries. This week the US State Department announced a more than $800 million contribution to the […]
© UNICEF/Oleksii Filippov A bouquet of flowers and soft toys placed near the site of a missile strike, left in memory of the children killed in the early morning attack in Kyiv, Ukraine, on 24 April 2025.

‘Darkest chapter’: Record child violations in 2025, with national forces leading the way

This article is published in association with United Nations. For the first time, soldiers and Government forces were responsible for more grave violations against children in armed conflict than non-State armed groups – and 2025 set a grim new record for the total number of child victims.  The findings come in the annual UN report on Children and Armed […]
© UNICEF/Sukhum Preechapanich Children in Thailand are enduring extremely hot temperatures and drought. (file)

Triple climate threats affect nearly half the world’s children

This article is published in association with United Nations. Drought, extreme heat and heatwaves are the most prevalent trio of hazards endangering millions of children globally, warned a newly released climate report by the UN Children’s Fund (UNICEF). About 1.1 billion children now face at least three overlapping climate hazards, threatening their health, education and survival, […]

Why don't you drop your comment here?

Go back up

Discover more from The European Sting - Critical News & Insights on European Politics, Economy, Foreign Affairs, Business & Technology - europeansting.com

Subscribe now to keep reading and get access to the full archive.

Continue reading

Discover more from The European Sting - Critical News & Insights on European Politics, Economy, Foreign Affairs, Business & Technology - europeansting.com

Subscribe now to keep reading and get access to the full archive.

Continue reading

The European Sting – Critical News & Insights on European Politics, Economy, Foreign Affairs, Business & Technology – europeansting.com