Cyber Coverage Enhanced with Higher Limits

The MCIT Board of Directors approved an enhanced cyber coverage program at its May 8 meeting. Coverage  changes took effect June 1 and now provide increased limits of coverage to all members, including critical individual lines of coverage where MCIT members have experienced claim losses.

After months of research and working with MCIT’s primary broker, a coverage program was identified that:

• Applies to all members
• Allows MCIT staff to continue handling claims
• Maintains the existing coverage form
• Utilizes MCIT’s existing technical expert partners whose effectiveness comes from a deep understanding of MCIT member operations

As of June 1 the following coverage changes took effect.

County members:

• Limit of coverage increased from $500,000 to $1 million
• Cyber extortion limit increased from $50,000 to $200,000
• Sublimits for forensics and legal services (breach coach) increased from $100,000 to $200,000
• Option to purchase an additional $1 million in coverage (subject to underwriting requirements)

Additional information has been provided to county members on how to apply for an optional $1 million in additional coverage. Applications are reviewed and evaluated for eligibility by MCIT’s coverage partner, Great American Insurance Company.

Noncounty members:

• Limit of coverage increased from $250,000 to $500,000
• Cyber extortion limit increased from $50,000 to $100,000
• Sublimits for forensics and legal services (breach coach) increased from $50,000 to $100,000

Download cyber coverage comparison chart for 2025 vs. 2026

New Declarations Pages Mailed

An updated “Privacy or Security Event Liability & Expense (cyber)” declarations page was mailed to each member’s primary MCIT contact in June. This document effectively changes members’ coverage with MCIT and should be added to members’ 2026 MCIT Coverage Document.

What Members Need to Do

This coverage change does not require immediate action from members. There is no separate charge for this coverage enhancement. In fact, deductible remain the same throughout 2026.

MCIT is fortunate that with a cyber program of this scale that its members are not subject to individual underwriting guidelines to qualify for the core coverages. MCIT understands that generally, members have invested in best practices and security tools to protect their data and systems from potential harm.

For MCIT to maintain coverage at this level, it is important that all members do their part to manage their individual cyber risk exposures with particular focus in these areas:

• Employee education and training on steps they should follow to ensure security
• Investing in systems penetration or vulnerability testing and updates as indicated
• Implementing multifactor authentication (MFA) for web-based email access and all remote access to information technology and operational technology networks
• Performing routine and regular backups of all critical data and infrastructure, the storage of which is inaccessible from member networks
• Implementing endpoint detection and response (EDR)

Support for Members

MCIT’s risk management consultant Richard Miehe is available to assist members in their data security and cyber risk management efforts. Connect with him at rmiehe@mcit.org or 866.547.6516.

MCIT resources provide best practices for members in managing this area of risk. Check them out:

• Essentials of Data Security for Public Entities
• Various articles addressing specific cyber risks
• Cybersecurity Self-assessment