Resource Library

Cyber Suite Coverage Conditions

Date: February 2022

MCIT launched specialized coverage for data compromise and cyber-related exposures Jan. 1, 2017. Any incident or suspected incident involving a data compromise, data breach, computer attack, cyber-extortion or electronic media event requires the member’s immediate action by reporting the incident to the MCIT claims department.

MCIT claims staff will coordinate a call between the member and Hartford Steam Boiler (HSB)—the cyber insurer—claims team to develop a course of action unique to the situation.

Depending on the circumstances, the member may be required to engage outside consultants/experts directly to assist. These costs are reimbursable to the limits of coverage. The member remains responsible for its deductible.

Cyber suite coverage plays an important rolefor all members when dealing with the inadvertent release of sensitive or private data, whether from accidental release, or from the loss or theft of equipment or devices containing the information. 

Cyber suite also responds to:

  • incidents of hacking, propagation of viruses and malware within member computer systems.
  • exposure to cyber-extortion or incidents of ransomware.
  • misdirected payments—whether done by an employee or via system intrusion.
  • allegations of copyright or trademark infringement, defamation and violation of a right to privacy arising from information published on a member’s website.

Coverage is comprised of five sections, with an aggregate limit of $250,000 for county members and $50,000 for noncounty members.

  1. Data Compromise Response Expense—Reimburses a member for expenses incurred after an actual or suspected data compromise including:
  • notifying affected individuals of a data compromise.
  • retaining a computer expert to determine the nature and extent of the data compromise.
  • retaining outside legal counsel to assist members in determining how best to respond to a data compromise.
  • retaining a public relations firm.
  • providing services, including credit monitoring and identity restoration, to individuals affected by a data compromise.
  • covering regulatory fines and penalties such as those imposed by the payment card industry.
  1. Data Compromise Liability—Defends and indemnifies a member if a claim is made by someone affected by a data compromise.
  2. Computer Attack Response Expense—Reimburses a member for expenses incurred after a computer attack (unauthorized access to a member’s computer system including damage arising from malicious code, viruses, worms, Trojans and spyware) to include:
  • data restoration, data re-creation, system restoration, loss of business and public relations.
  • cyber-extortion/ransomware expenses including the cost of a negotiator, investigator and amounts paid to eliminate the cyber-extortion threat.
  • misdirected payment and computer fraud—reimburses the member for loss of its money due to an employee being tricked or an outside party gaining access to the member’s computer system resulting in money being sent to a fraudulent destination.
  1. Network Security Liability—Defends and indemnifies a member if a claim is made by someone affected by a computer attack or security system failure against a member.
  2. Electronic Media Liability—Defends and indemnifies a member if a claim is made by someone alleging that information displayed by the member on a website caused damage.

Because of the specialized and technical nature of these exposures, MCIT partnered with HSB both to underwrite the coverage and provide assistance to members through the claims adjustment and response process. HSB has several years of experience in cyber-insurance and brings resources with the expertise to assist in claim situations.

Important Conditions of Coverage

When an incident arises, members may want to react quickly to address the situation. This is understandable given headlines and negative publicity related to hacking and breaches. Before issuing notifications to affected individuals or diagnosing system issues to determine the extent of a hack or malware, the member needs to pause and consider the important conditions, or rules, necessary to ensure coverage through HSB.

HSB is keenly aware of the time-sensitive nature of these occurrences and has a process in place to facilitate
a quick, collaborative response.

Examples of policy conditions to which members must adhere to help ensure the availability of coverage include:

  • Immediately report to MCIT all claims, including incidents or events that the member thinks may give rise to a claim, before engaging any specialists or, in the case of a data breach or compromise, before issuing notifications to affected individuals. A claim should be reported via the MCIT member portal at MCIT.org.
  • Participate in a pre-notification phone consultation with HSB prior to notifying individuals affected by a data breach or compromise.
  • Immediately record the specifics of any claim received by the member, including a description of what occurred and the date received.
  • Immediately send to MCIT copies of any demands, notices, summonses or legal papers received in connection with the claim.
  • Cooperate with HSB in the investigation, settlement or defense of a claim, which includes authorizing HSB to obtain records and other information.
  • Do not:
    • admit liability, settle a claim or incur defense costs without prior written consent from HSB.
    • take any action or fail to take any required action that prejudices the member’s rights or HSB’s rights with respect to the claim.
    • make a statement that will assume any obligation or admit any liability for an incident without HSB’s written consent.
    • voluntarily make a payment, assume any obligation or incur any expense without prior written consent from HSB.
  • Notify the police of any incident in which a law may have been broken.
  • Maintain appropriate:
    • physical security for the premises, computer systems and hard copy files.
    • computer and Internet security.
    • backups of computer data at appropriate intervals.
    • credit card, debit card and check payment processing protection.
    • protocols for disposing of files containing sensitive or private data.

Learn More

The information provided above is an overview summary only. Coverage for a specific claim depends on the facts of the claim as compared to all definitions, limits, provisions, conditions and exclusions in the cyber suite coverage form as contained in the MCIT Coverage Document.

MCIT recommends that members review the cyber suite coverage section of the MCIT Coverage Document in its entirety and communicate internal reporting protocols across departmental lines to ensure prompt reporting of all actual or suspected claims.

These MCIT resources can help members shore up their data and cyber security risk management efforts:

Questions about the cyber suite coverage should be directed to the member’s MCIT risk management consultant at 1.866.547.6516.

The information contained in this document is intended for general information purpose only and does not constitute legal or coverage advice on any specific matter.