Skip to Content
League of Minnesota Cities
Search
close
close

How to save a PDF

If you would like to save the page you’re viewing as a PDF document, here are the steps:

  1. Click icon with 3 stacked dots Setting button with vertical dots / Setting button with horizontal dots or Setting button with stacked lines lines to the right of the URL bar at the top of your browser
  2. Select the “Print” option
  3. A pop up window like this one should appear, ensure the Destination field is set to “Save as PDF” (this may be a dropdown or “Change” button)
  4. Click “Save,” then select the location and name for the file on your computer

Still not sure? 

View additional instructions for the most common browsers.

LMCIT Municipal Cyberrisk Coverage Guide

Updated Jan. 1, 2026

If your city experiences a cyber event:

This guide provides a summary of cyber coverage offered by the League of Minnesota Cities Insurance Trust (LMCIT). The Municipal Cyberrisk Coverage generally provides coverage for financial loss, legal liability, and operational disruptions resulting from cyber incidents, such as data security breaches, unauthorized systems access, or malicious code.

Learn more about other cybersecurity services available to LMCIT members.

The Municipal Cyberrisk Coverage is written on a claims-made basis and includes both:

  • First-party risks (your own costs).
  • Third-party risks (liability to others).

In all cases, the coverage is subject to the terms, conditions, exclusions, and limitations in the coverage documents. LMCIT recommends that members review the coverage document for actual wording.

First-party coverages (your own costs)

There are six first-party coverage sections.

Data breach incident response

This section provides reimbursement coverage for costs incurred to respond to a suspected or actual unauthorized disclosure of personally identifiable information or other nonpublic information in the member’s possession, custody, or control. Covered costs include:

  • Computer forensics services
  • Legal services
  • Notification services
  • Fraud monitoring and resolution services
  • Call center services
  • Public relations services

Data restoration

If electronic data is damaged or compromised due to malicious code or unauthorized access to or usage of the member’s computers, mobile devices, or other electronic endpoints, LMCIT provides coverage to restore the damaged electronic data.

Cyber extortion

To the extent insurable by law, this coverage applies to ransom payments and costs necessary to execute such payments.

Network interruption and recovery

This coverage reimburses costs or losses incurred in connection with the member’s computer network arising from:

  • Unauthorized access
  • Denial-of-service attacks
  • Breach of security
  • Malicious code
  • Virus
  • Malfunction

Covered costs include:

  • Reasonable and necessary response expenses, such as forensic auditors or breach counsel to determine the cause and scope.
  • Costs to restore network operations.
  • Loss of net income the member would have earned had no network interruption occurred.

Dependent network

This coverage applies to costs or losses incurred in connection with a dependent computer network, such as a third-party cloud provider or outsourced data center, arising from:

  • Unauthorized access
  • Breach of security
  • Malicious code
  • Virus
  • Malfunction

Covered costs include reasonable and necessary response expenses, such as forensic auditors or breach counsel to substantiate cause and scope. Unlike the preceding network interruption and recovery coverage, this section does not cover loss of income.

Network hardware restoration

This coverage reimburses costs to repair or replace computer and network hardware damaged due to malicious code or a hack, after reasonable efforts have been made to restore functionality to its pre-event level.

Third party coverages (liability to others)

There are three third-party insuring agreements.

Network security, privacy, and data breach liability

This coverage provides defense and indemnification for damages claims made against the member by third parties arising from:

  • Failure to prevent malicious code or a hack within the member’s network.
  • Failure to protect personally identifiable information as required under statute, rule, or regulation.
  • Unauthorized disclosure of personally identifiable or other nonpublic information in the member’s custody or control.

Defense costs are in addition to the limit of liability.

Regulatory liability

This coverage applies to fines and penalties imposed by a regulatory authority due to unauthorized disclosure of personally identifiable or nonpublic information in the member’s possession, custody, or control. It also covers legal fees and expenses associated with the investigation, defense, or appeal of a claim or regulatory proceeding.

Payment card industry fines and assessments

This coverage applies to amounts the member is legally obligated to pay under a merchant services agreement following a data breach. A merchant services agreement is, generally, an agreement between the member and credit card company or financial institution that allows the member to accept credit or debit card payments. Coverage includes:

  • Fines or penalties for noncompliance with the Payment Card Industry Data Security Standards.
  • Monetary assessments and case management fees.
  • Legal fees and expenses related to investigation, defense, or appeal of a claim.

Coverage limits

Several limits apply.

Municipal Cyberrisk Coverage covenant limit

The standard covenant limit is $3 million. This is the maximum LMCIT will pay for all events and claims combined under any mix of first- and third-party coverages.

First-party coverages aggregate limit

The standard aggregate limit for first-party coverage is $250,000. This is the maximum LMCIT will pay regardless of the number of claims.

The first-party coverage aggregate limit may be increased to $500,000 for an additional premium if the member can answer “yes” to the following:

  • Is annual cyber training provided to all employees?
  • Are computer use policies in place?
  • Is there a firewall between the internet and the member’s network?
  • Are monthly updates performed on antivirus and Windows software?
  • Are monthly data backup procedures in place?

Third-party coverages limit

The limit for third-party coverages is $2 million per claim. For network security, privacy, and data breach liability coverage, defense costs are paid in addition to the limit of liability.

Shared pool limits

There are two shared pool limits designed to protect the LMCIT fund from extraordinary aggregation of cyber claim costs. Historically, LMCIT’s annual cyber claim costs have not approached $1 million, so these limits would apply only in unprecedented circumstances. The first is a $10 million common-cause shared limit, and the second is a $25 million 12-month shared limit.

Exclusions

This list highlights key exclusions and is not exhaustive:

  • Employment practices claims.
  • Bodily injury.
  • Physical damage to tangible property, except as provided under network hardware restoration section of the first-party coverages.
  • Deliberate, dishonest, fraudulent or criminal acts by the member with knowledge or consent of designated officials, such as the chief administrator, finance director, director of information systems and/or information technology, chief information officer, or general counsel.
  • Liability to employees or claims arising from employee benefit or pension plans, except for data breach claims affecting employees.
  • Physical events such as fire, smoke, explosion, lightning, wind, flood, earthquake, hail, or similar hazards.
  • Satellite, electrical or other infrastructure service interruptions, including any electrical disturbance, unless such infrastructure is under the member’s direct control.
  • War or acts by a foreign state.
  • Loss, theft, or transfer of money or securities, including fraudulent instruction claims.

Other computer-related risk coverages

Some computer-related exposures may be covered under other LMCIT coverages rather than Municipal Cyberrisk Coverage.

Theft of member funds involving a computer

Employee theft or embezzlement may be covered under LMCIT’s Municipal Bond Coverage. This is an optional coverage a majority of LMCIT members purchase.

Theft of funds by an outside party may be covered under the LMCIT Municipal Crime Coverage. Fraudulent instruction claims have become increasingly common. These schemes involve criminals impersonating employees or vendors to redirect Automated Clearing House (ACH) or bank payments. Members should verify any payment change requests using a trusted phone number, not a phone number accompanying the request.

The bond and crime coverages apply regardless of whether the act giving rise to the claim involved a computer.

Website copyright infringement

Coverage for copyright infringement claims is provided in the Comprehensive Municipal Liability Coverage.

Employment practices claims involving computers

Employment practices claims are covered under Comprehensive Municipal Liability Coverage regardless of whether a computer is involved.

Fire or explosion damage to member property, involving or resulting from authorized or unauthorized access to computer system

Fire, explosion, or water damage to member property may be covered under the Municipal Property Coverage, even if caused by authorized or unauthorized access to a computer system.

File a cyber claim / get support for a cyber event

Access LMCIT claim forms, information sheets, and other resources.

Cyber claims can be submitted to LMCIT using any of the following methods:

If your city experiences a cyber event, and you need immediate support, contact the following.

  • Non-ransomware cyber event
    • Business hours: Call LMCIT claims staff at (800) 925-1122 from 8 a.m.-5 p.m., Monday-Friday.
    • After hours or weekends: Contact a McDonald Hopkins cyber data breach coach at [email protected] or (855) 643-2821. Identify yourself as an LMCIT member. You’ll receive one hour of free coaching, and the coach will notify the LMCIT claims team. LMCIT will follow up about coverage and the claims process.
  • Ransomware event
    • Business hours: Call LMCIT claims staff at (800) 925-1122 from 8 a.m.-5 p.m., Monday-Friday.
    • After hours or weekends: Call Metis at (540) 265-8021 and let them know you’re an LMCIT member. A data breach coach from Woods Rogers will contact you to provide one hour of free coaching. If you choose to retain them, they can guide you through resolving the situation. The coach will also notify the LMCIT claims team to begin the coverage and claims process.

Related Learning and Events

MemberLearn Online Courses

Finance: The Budgeting Process

[FREE COURSE] This course designed specifically for small cities provides an overview of the budgeting process.

Your LMC Resource

Staff are available to help members with questions on potential or pending claims, coverage, and loss control or legal concerns.

Connect with Claims staff
(choose “Claims,” “PC Claims,” or “WC Claims” under “Department”)

Connect with Legal staff
(choose “PC Litigation” or “WC Litigation” under “Department”)

Connect with Underwriting staff
(choose “Underwriting” under “Department”)

Connect with Loss Control staff
(choose “Loss Control” under “Department”)