Resources

CYBER RESOURCES

Cyber Education Series

A do-it-yourself program that provides 5 case studies that highlight cyber security issues from NJ towns, how they were impacted and tips used to prevent future risk.

Information about the Cyber Education Series

Case Study #1: Sharing is (NOT) Caring
Case Study #2: Whoops! Don’t share the data
Case Study #3: We Trust the Pros
Case Study #4: Closed: Gone Phishin’
Case Study #5: The Exception (for now)
Case Study: Series Final Thoughts

Cyber Task Force Bulletins

Resources

Articles

Important Links

Click here for a Cyber Task Force Bulletin that includes free resource links, and see the links below:

CYBER RISK CONTROL Q&A

How do I select an employee training vendor?

See the Cyber Hygiene Training Vendor guide on our website.

Where can I find policies to comply with the MEL Cyber Risk Management Program?

Template versions of all of the policies needed for compliance can be found in the plan. Additional template policies can be found on our insurer’s (AXA XL) Cyber website: www.cyberriskconnect.com, use 10448 as the Access Code when registering for the first time.

What do I do when I have (potentially have) a cyber incident?

Report the incident to your JIF Claims Administrator and call the AXA XL Breach Hotline at 855-566-4724. Also enact your Incident Response Plan, which should include getting in touch with your risk manager (if applicable). You can also review the Cyber Incident Roadmap to see all steps you will be taken through.

Are there any incentives for compliance with the Cyber Risk Management Program?

Non-Compliance: $50,000 plus 20% copay of the next $300,000 (up to $110,000 out of pocket)

“Minimum Security”: $25,000 (up to $85,000 savings)

“Advanced Security”: $0 (up to $110,000 savings)

When resolving the claim for a cyber incident, can I be reimbursed for the time my employees allocated to recovering from the incident?

Via the Business Interruption and Extra Expense coverage of the Cyber policy, only the payroll and expenses above and beyond the normal hours can be recovered, such as overtime. In addition, most additional costs for an outside IT provider (should you not have one on staff) cannot be recovered.

I don’t process credit cards or store confidential data, so why should I bother with the risk management plan?

Over 90% of the MELs’ members’ cyber claims have not had to do with credit cards or sensitive data. Rather they are mostly dealing with business interruption and loss of data from ransomware, and loss of funds from social engineering. Also, despite not storing confidential data, you may still be responsible for protection of the data; please consult your counsel.

Some of the questions on the Cyber Risk Management Plan are not applicable to my network setup, so how can I comply?

The plan is written in a general nature to allow for variations, and not applicable questions have been approved in the past. Please contact the MEL Underwriting Manager Edward J. Cooney at 973-659-6424 or ecooney@connerstrong.com, or contact your local JIF Executive Director to discuss those items.