Cryptocurrency makes cybercrime harder to trace, says MCIT consultant

Richard Miehe, a risk management consultant for the Minnesota Counties Insurance Trust (MCIT), recently reviewed rates with the Hubbard County Board.

MCIT is a risk-sharing pool for county governments, he explained. Hubbard County has been a member for nearly 40 of the organization’s 46 years. Eighty-one of Minnesota’s 87 counties are MCIT members.

“We started in 1979 when counties were having trouble procuring cost-effective, decent coverage, so this model started as a joint powers model,” Miehe said. “Over the years, we’ve evolved to take other claims inhouse, claims handling, risk mitigation, loss control, those types of things.”

Miehe said MCIT buys reinsurance for catastrophic claims. “So when we run into matters where the loss is going to hit limits from our risk pool, then we have to turn it into reinsurance. Here’s where we’ve really seen struggles with costs going up.”

To combat those cost increases, Miehe said they raised their per claim retention for liability reinsurance from $850,000 to $1 million. “That saved a 21% premium spike.”

Total insured values continue to climb, he said. Over the past five years, it rose $2.6 billion or 39%.

Hubbard County’s appraisal was in 2023, “so you’re right in the midst of that steep increase that we’re starting to see. With the rise of materials, labor costs and the like, those costs are continually increasing.”

The county’s property and liability aggregate rate increased 11.2% from 2024 to 2025, while workers’ compensation aggregate rate increased 4%.

There’s been an unfortunate increase in frequency of cyber claims, according to Miehe, “but we luckily had a decrease in severity.”

There were no ransomware claims in 2024. Cybercrime is largely preventable, he noted, through security, technology and education.

County commissioner David La Hunt asked why it’s so hard to find and prosecute cybercriminals.

“Cryptocurrency,” replied Miehe. That’s how bad guys get the money and they can’t be as easily traced.”

The most common attack is a misdirected payment with a spoof invoice.

“Minnesota, as a state, is at the tip top of business email compromise claims, interestingly enough,” he added, either because Minnesotans are more trusting or other states have better protocols.