Cyber Liability Insurance Application Please enable JavaScript in your browser to complete this form.GENERAL INFORMATIONFull Name of Applicant:Principal Address:Nature of Business (Industry):Primary Corporate Website Address:Total Employee Count:Annual Gross Revenues – Most recent 12 months:Projected Next 12 Months:Please attach a list of all subsidiaries, affiliated companies or entities owned by the Applicant Please describe (1) the nature of operations of each such subsidiary, affiliated company or entity, (2) its relationship to the Applicant and (3) the percentage of ownership by the ApplicantDo you engage in any of the following business activities? (select all that apply)Adult ContentCannabisCryptocurrency or BlockchainDebt collection agencyGamblingManaged IT service provider (MSP or MSSP)Payment Processing (e.g., as a payment processor, merchant acquirer, or Point of Sale system vendor)None of the aboveWithin the Applicant’s organization, who is responsible for network security?Name: *Title: *Email Address: *Phone Number *DATA COLLECTION INFORMATIONEstimate number of unique personally identifiable records maintained (including records stored by third-party providers)0 – 250,000250,001 – 500,000500,001 – 1,000,0001,000,001 – 2,500,0002,500,001 – 5,000,0005,000,001 – 10,000,00010,000,001 +PII includes any information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.Do you deal with protected health information as defined by HIPAA?YesNoIf “Yes”, do you have procedures and audit practices in place to ensure compliance under the rules and regulations of HIPAA, including the encryption of any electronically transmitted recordDo you deal with biometric information or data such as fingerprints, voiceprints, facial, hand iris or retinal scans, DNA, or any other biological, physical or behavioral characteristics that can be used to uniquely identify a person?YesNo transfer as relationship If “Yes”, have you confirmed compliance with applicable federal, state, local and foreign laws?Do you accept credit or debit card paymentsYesNoIf applicable, do you deploy either end-to-end or point-to-point encryption technology on all of you point of sale terminals?YesNoSECURITY CONTROLSDo you require multi-factor authentication for:All remote access to the network including any remote desktop protocol connections?YesNoAll Web based email accounts?YesNoLocal and remote access to privileged user/network administrator accounts?YesNoInternal and external access to cloud based back-ups?YesNoDo you use a commercially available and regularly updated firewall and anti-virus protection system for all your computer systems?YesNoDo you use intrusion detection software to detect unauthorized access to your computer systems?YesNoDo you filter or scan incoming emails for potentially malicious attachments and links?YesNoIf “Yes”, do you have the capability to automatically detonate and evaluate attachments in a sandbox to determine if they are malicious prior to delivery to the end-user?Are you compliant with the Payment Card Industry (PCI) Data Security Standards?YesNoDo you implement SPF, DKIM and DMRAC to protect against phishing messages?YesNoDo you use Office 365?YesNoIf “Yes”, do you use the Office 365 Advanced Threat Protection add-on?Do you regularly monitor security vulnerabilities and appropriately patch and upgrade systems & applications?YesNoApply security patches within 30 days of release?YesNoIs your critical business data backed-up and stored in a secure location?YesNoif yes, how often:DailyWeeklyMonthlyQuarterlyEvery 6 MonthsDoes the backup solution include all the following characteristics: kept in a cloud service protected by MFA, has been tested in the last 6 months, and can be used to restore essential network functions within 3 days of a widespread malware or ransomware attack?YesNoDo you use 3-2-1 backup procedures? Two different media storage types and one copy off site for disaster recovery?YesNoDo you test the successful restoration and recovery of key server configurations and date from backups?YesNoDo you use a cloud provider to store data or host applications?YesNoIf “Yes”, please provide the name of the cloud provider:Do you encrypt private or sensitive information stored on the network or cloud?YesNoDo you encrypt private or sensitive information stored on mobile devices?YesNoDo you use an endpoint detection and response (EDR) tool that includes centralized monitoring and logging of all endpoint activity across your enterprise?YesNoIf “Yes”, please provide the name of your EDR provider:Are employees required to undergo annual security training?YesNoDo you have controls in place which require all fund and wire transfers over $25,000 to be authorized and verified by at least two employees prior to execution?YesNoDoes the applicant provide data processing, storage, hosting, or Managed Security Services Provider (MSSP) services to third parties?YesNoHas there been a vulnerability assessment in the past 18 months?YesNoDo you have a tested business continuity/disaster recovery program in place?YesNoLOSS/CLAIMS INFORMATIONIn the past 3 years, has the Applicant or any other person or organization proposed for this insurance:Received any complaints or written demands or been a subject in litigation involving matters of privacy injury, breach of private information, network security, defamation, content infringement, identity theft, denial of service attacks, computer virus infections, theft of information, damage to third party networks or the ability of third parties to rely on the Applicant’s network?YesNoBeen the subject of any government action, investigation or other proceedings regarding any alleged violation of privacy law or regulation?YesNoNotified customers, clients or any third party of any security breach or privacy breach?YesNoReceived any cyber extortion demand or threat?YesNoSustained any unscheduled network outage or interruption for any reason?YesNoSustained any property damage or business interruption losses as a result of a cyber-attack?YesNoSustained any losses due to wire transfer fraud, telecommunications fraud or phishing fraud?YesNoIs the Applicant aware of any fact, circumstance, situation, event, or Wrongful Act which reasonably could give rise to a Cyber Event, Loss, or a Claim being made against them that would fall within the scope of the Policy for which the Applicant is applying?YesNoIn the past 3 years, has any service provider with access to your network or computer system(s) sustained an unscheduled network outage or interruption lasting longer than 4 hours?YesNoIf “Yes”, did you experience an interruption in business as a result of such outage of interruption?If answered yes to any of the above, please attach full details for each yes answer on a separate attachment. Drag & Drop Files, Choose Files to Upload Submit
