Cyber Risk Control Q&A
How do I select an employee training vendor?
See the Cyber Hygiene Training Vendor guide on our website.
Where can I find policies to comply with the MEL Cyber Risk Management Program?
Template versions of all of the policies needed for compliance can be found in the plan. Additional template policies can be found on our insurer’s (AXA XL) Cyber website: www.cyberriskconnect.com, use 10448 as the Access Code when registering for the first time.
What do I do when I have (potentially have) a cyber incident?
Report the incident to your JIF Claims Administrator and call the AXA XL Breach Hotline at 855-566-4724. Also enact your Incident Response Plan, which should include getting in touch with your risk manager (if applicable). You can also review the Cyber Incident Roadmap to see all steps you will be taken through.
Are there any incentives for compliance with the Cyber Risk Management Program?
Yes. Compliance with the Minimum Security group reduces your deductible to $25,000 (up to $85k in savings) and compliance with the Minimum and Advanced Security groups reduces your deductible to $0 (up t $110k in savings).
When resolving the claim for a cyber incident, can I be reimbursed for the time my employees allocated to recovering from the incident?
Via the Business Interruption and Extra Expense coverage of the Cyber policy, only the payroll and expenses above and beyond the normal hours can be recovered, such as overtime. In addition, most additional costs for an outside IT provider (should you not have one on staff) cannot be recovered.
I don’t process credit cards or store confidential data, so why should I bother with the risk management plan?
Over 90% of the MELs’ members’ cyber claims have not had to do with credit cards or sensitive data. Rather they are mostly dealing with business interruption and loss of data from ransomware, and loss of funds from social engineering. Also, despite not storing confidential data, you may still be responsible for protection of the data; please consult your counsel.
Some of the questions on the Cyber Risk Management Plan are not applicable to my network setup, so how can I comply?
The plan is written in a general nature to allow for variations, and not applicable questions have been approved in the past. Please contact the MEL Underwriting Manager Edward J. Cooney at 973-659-6424 or firstname.lastname@example.org, or contact your local JIF Executive Director to discuss those items.