Strengthening Public Entity Crisis Readiness Before the Next Event

Why Crisis Communications Require a New Approach

The pace of information sharing has accelerated significantly. Social media often surfaces incidents before official channels respond, creating immediate public visibility and pressure.

This shift increases the importance of timely, accurate communication. Nearly all ransomware incidents in the public sector now result in operational disruption, with 98% leading to data encryption and system impact.³

Public entities must be prepared to communicate early, even when all details are not confirmed. Effective communication should clearly outline:

• What is known
• What actions are being taken
• When additional updates will be provided

Delays in communication increase the risk of misinformation and erode public trust.

Technology Investment Must Be Matched with Execution

Public entities continue to invest in emergency notification systems, GIS mapping tools and AI-enabled platforms to improve real-time decision-making.

However, technology alone does not ensure readiness. The financial impact of inadequate preparation continues to rise. The average cost to recover from a ransomware attack in state and local government reached $2.83 million in 2024.³

To be effective, technology must be:

• Integrated into response plans
• Tested regularly
• Supported by trained personnel

Systems that are not actively used and validated will not perform as expected during a crisis.

Balancing Holistic Planning with Specific Risk Exposure

Crisis events rarely occur in isolation. A single incident can trigger multiple operational challenges. For example:

• An earthquake may lead to fire, gas leaks and water system disruption.
• A wildfire may impact evacuation routes, utilities and public services.
• A cyber incident may disrupt operations while creating legal and reputational risk.

Public entities should develop a holistic response framework that defines leadership structure and communication protocols while also addressing risks specific to their geographic location and operations.

A Practical Framework for Improving Crisis Preparedness

Public entities can strengthen crisis readiness by implementing a consistent, repeatable process:

• Conduct monthly scenario-based discussions across departments.
• Assign responsibilities by role, not individual.
• Establish clear communication protocols for internal and external audiences.
• Test emergency notification and response systems regularly.
• Update crisis plans at least annually or when operational changes occur.
• Incorporate lessons learned from past incidents and near misses.

A simple but effective benchmark is whether the organization could respond to a major disruption tomorrow without hesitation or confusion.

Crisis readiness is an ongoing discipline that requires coordination, planning and continuous improvement. Organizations that invest in readiness reduce operational disruption, protect public trust and improve recovery outcomes.

Alliant Public Entity partners with public organizations to assess risk exposure, strengthen crisis response frameworks and align insurance strategies with operational realities. With extensive experience across municipalities, utilities, transit systems and public agencies, Alliant provides tailored risk management solutions designed to support resilience before, during and after a crisis.

Preparation is not about eliminating risk. It is about reducing impact and improving response when it matters most. Connect with an Alliant Public Entity specialist to evaluate current readiness strategies and identify opportunities for improvement.

Sources

[1] Comparitech. “Government Ransomware Attacks: H1 2025 Statistics.” Comparitech, 2025.

[2] Emsisoft. “The State of Ransomware in the U.S.: Report and Statistics 2024.” Emsisoft, 2024.

[3] Sophos. “The State of Ransomware in State and Local Government 2024.” Sophos, 2024.