Welcome back to Inside the Cyber Risk Playbook, a series where we speak with public entity risk pool leaders about how they are navigating rising cyber expectations, evolving insurance dynamics, and the practical realities of supporting members with limited time, staffing, and resources.
Many public entity pools are no longer asking whether cyber matters. The key question now is whether the effort going into cyber is creating visible progress.
Pools may already offer training, assessments, applications, broker resources, reports, or member guidance. But activity alone does not prove that risk is improving. For pool leaders, the challenge is turning that activity into meaningful member action, portfolio-level insight, and demonstrable risk reduction the pool can stand behind.
That challenge felt familiar to the team at Schools Insurance Group (SIG). Serving school districts across California, SIG had already been investing meaningfully in cyber risk management. But as schools became more dependent on digital systems and cyber threats accelerated, leadership recognized that effort alone would not be enough. What mattered was whether districts were improving in ways that strengthened resilience across the membership as a whole.
In speaking with Dr. Kelli Hanson, Executive Director, and Kris Packwood, Risk and Safety Coordinator at SIG, one thing became clear quickly: their approach was never about turning the pool into a cyber operations team. Instead, it was about creating shared direction—helping districts focus on the actions that mattered most, while building a stronger understanding of where risk sat across the broader portfolio.
Like many pools, SIG was not starting from zero.
Districts already cared about cybersecurity. Technology teams were working hard. But efforts varied widely district to district. Different vendors. Different priorities. Different staffing realities. Different levels of maturity.
“There wasn’t a lot of coordination between insurance and the schools when it came to cyber,” Hanson explained. “IT teams existed, but they were focused on education and instruction, not insurance or underwriting language.”
The issue wasn’t a lack of activity. It was that the activity wasn’t necessarily adding up.
For SIG, cyber had become bigger than an annual application process. The question was no longer simply whether districts were doing something about cyber risk. It was whether the pool could help members make progress in a way that strengthened resilience across the broader membership.
“Our members use different platforms, different vendors, and different approaches,” Packwood said. “Everyone was rowing their own way. What we needed was a way to get everyone into the same boat, rowing in the same direction.” That shift, from isolated activity to shared direction, became foundational.
For a pool, that distinction matters. Without a clear portfolio view, it is difficult to know which members need help first, which weaknesses are common across the membership, and whether cyber spend is producing defensible value over time.
For SIG, one of the most important shifts was recognizing that progress depended on making cyber feel manageable.
The goal was never to ask districts to do everything at once. It was to help them focus on what mattered most.
To support that, SIG created a standalone Cyber Safety Credit Program—a structure designed to give districts clearer direction, tangible incentives, and a more practical path toward stronger cyber readiness.
Historically, cyber controls had been folded into broader safety initiatives alongside property, liability, and workers’ compensation. But SIG increasingly viewed cyber as a distinct risk category—one requiring its own attention and a clearer framework for progress.
Rather than create a compliance-heavy program or penalize districts for gaps, SIG focused on building something districts could realistically engage with over time. Participation in cyber sessions, progress toward foundational controls such as multi-factor authentication, timely application activity, and engagement with cyber insights all became part of a more structured pathway forward.
“Cyber spend can go a thousand different directions,” Hanson said. “What the credits do is focus effort. Instead of trying to do everything, districts can focus on the things that matter most.”
That idea, focus over perfection, became foundational.
“We wanted to empower members, not penalize them,” Hanson said. “The credits give districts a roadmap. They can see what good looks like, prioritize over time, and still move at a pace that fits their reality.”
Importantly, the program also helped SIG solve another challenge many pools face: where to focus limited attention.
Not every district starts in the same place. Some move quickly. Others face significant staffing and budget constraints. Better visibility helped SIG direct support where it would matter most—not just for individual districts, but for the resilience of the broader pool.
One of the clearest examples of SIG’s philosophy came through a smaller member district with limited resources.
Like many schools, the district did not have a dedicated cybersecurity team. Staff wore multiple hats. Technology decisions competed with countless operational priorities. Cyber improvements often felt difficult to prioritize against everything else.
Rather than overwhelm the district with technical findings or unrealistic expectations, SIG focused on helping them identify what mattered first.
Through SIG’s framework and cyber insights, the district gained something it had previously lacked: a clearer path forward.
Controls that might take a larger district weeks to implement could take a smaller district considerably longer. SIG recognized that reality and built around it. The goal was never perfection. It was progress.
Just as importantly, the process helped district technology leaders elevate cyber conversations internally.
“That voice started being heard,” Packwood noted. “Once leadership had clearer visibility into the risk, along with a defined roadmap and incentives, momentum followed.”
Instead of cyber feeling abstract or overwhelming, districts could plan for improvements over time—sequencing investments, building support, and making measurable progress that contributed to the resilience of the broader pool.
For schools, the consequences of cyber incidents extend well beyond remediation costs.
“If you lose the trust of your community, you lose students,” Hanson said. “And when kids don’t show up, districts lose funding. That can mean millions.”
For school districts, cyber disruption affects more than systems. It affects trust, continuity, and the ability to deliver education. Even third-party vendor incidents can quickly become community-facing events, placing districts in difficult positions with families and regulators.
That perspective shaped SIG’s philosophy from the start: cyber resilience is not simply about avoiding incidents. It is about helping districts stay operational, maintain confidence, and navigate difficult moments more effectively when they occur.
Over time, SIG began seeing something important happen. Cyber activity across the membership was becoming more intentional—and more measurable.
KYND helped identify where cyber risks persisted. Districts needing additional support could be engaged earlier. Baseline controls improved. Conversations with members became more informed.
“It’s a proactive check-in,” Packwood said. “Cyber risk can’t afford to get lost in day-to-day priorities.”
Just as importantly, progress at the district level began adding up to something more meaningful at the portfolio level.
In SIG’s case, stronger visibility and evidence of improvement also supported a more confident insurance market conversation, including improved cyber limit and coverage outcomes.
“Our broker told us our cyber posture and data made us exceptionally strong to take to market,” Hanson said. “That doesn’t happen by accident.”
For peer pools, the broader lesson is not that every pool needs a bigger cyber function. It is that pools need a practical operating model: a way to see the portfolio, focus support where it matters, and build evidence of progress over time.
Not through overwhelming members. Not through building a cyber department from scratch. And not by trying to do everything at once. But by helping members move in the same direction, focusing attention where it matters most, and creating a clearer understanding of what progress actually looks like.
For peer pools navigating similar pressures, that may be the takeaway worth paying closest attention to: You do not need to become a cyber operations team to strengthen cyber resilience. But increasingly, you do need a way to help cyber activity add up to something bigger than the activity itself.