Cyber Liability Insurance Application 1. Organization ProfileName of Applicant (and any applicable Subsidiaries) Address Street Address Address Line 2 City AlabamaAlaskaAmerican SamoaArizonaArkansasCaliforniaColoradoConnecticutDelawareDistrict of ColumbiaFloridaGeorgiaGuamHawaiiIdahoIllinoisIndianaIowaKansasKentuckyLouisianaMaineMarylandMassachusettsMichiganMinnesotaMississippiMissouriMontanaNebraskaNevadaNew HampshireNew JerseyNew MexicoNew YorkNorth CarolinaNorth DakotaNorthern Mariana IslandsOhioOklahomaOregonPennsylvaniaPuerto RicoRhode IslandSouth CarolinaSouth DakotaTennesseeTexasUtahU.S. Virgin IslandsVermontVirginiaWashingtonWest VirginiaWisconsinWyomingArmed Forces AmericasArmed Forces EuropeArmed Forces Pacific State ZIP Code Primary Contact: Email PhonePart APlease provide the date the Applicant was established: Month Day Year Applicant is: Individual Partnership Corporation Other Please specify Number of employees:Part BHas the name of the Applicant changed in the last 12 months? Yes No Has the Applicant been involved in a merger, acquisition or consolidation with another entity in the last 12 months? Yes No Is the Applicant wholly or partly owned, controlled or related to any other entity? Yes No Does the Applicant own or control any other entity? Yes No If the Applicant responded "Yes" to any part of question B, please provide details or upload a separate page below.Files related to Ownership, Mergers, Acquisitions, Consolidation, etc. Drop files here or Select files Max. file size: 50 MB. Part CPlease provide Gross Revenue information based on the most recent financial year:Past 12 MonthsCurrent 12 MonthsProjection for Next YearPlease attach a copy of the Applicant's most recent Financial Statement (10k), current annual report or audited financials: Drop files here or Select files Max. file size: 50 MB. Part DDoes the Applicant currently purchase CyberLiability Coverage? Yes No Please provide current policy information:YearCoverageTypeCarrierLimitDeductibleRetroactive DatePremiumHas any Errors or Omissions, Privacy Insurance or Professional Liability Insurance ever been declined, cancelled or non-renewed? Yes No If yes, please explain:2. Privacy PracticesDoes the Applicant employ any of the following?Please check all that apply. A specific individual responsible for overall privacy and security. A written corporate privacy policy which is reviewed by a qualified lawyer, actively followed and regularly updated. Annual training in place for employees with respect to privacy matter. Screening of potential employees (e.g., background, drug, criminal, credit, etc). Regular network security assessments performed by third parties. Classification and tracking of where sensitive data is processed and stored on the network. Procedures to ensure compliance with privacy regulatory bodies, state privacy laws and industry standards, as applicable (e.g. HIPAA, PCI, etc). Contracts with third parties that contain hold harmless/indemnity clauses that benefit the Applicant. Contracts that require third parties to carry errors and omissions or cyber insurance. Obtaining consent from individuals when collecting personally identifiable information. 3. Information SecurityDoes the Applicant employ any of the following?Please check all that apply. The use and application of anti-virus software on all computer devices and networks. Regular updating and patching of security systems in a timely manner. The use and application of intrusion detection and/or prevention software. The use and application of firewalls to restrict network traffic. The use and application of data loss prevention (DKP) software. Physical controls to prevent unauthorized access to company premises and network. A password policy to require strong passwords and that passwords should be updated on a regular basis Data access controls including role based access by employees and third parties Multi factor authentication for remote access by employees and third parties Formal policies and procedures around the retention, destruction and purging of data 4. DataPlease provide details on the volumes of personally identifiable and sensitive information which is handled, processed or stored by or on behalf of the Applicant.Social Security Numbers, Government ID or Driver License InformationNumber of social security numbers, Government ID, or Drivers Licenses stored or processed annually?ID Encryption CapabilitiesCheck all below that DO have Encryption Capabilities for social security numbers, government ID or driver license information. At rest In transit In mobile devices Back-up tapes Cloud storage Financial RecordsNumber of financial information records (e.g. banking information) stored or processed annually?Financial Encryption CapabilitiesCheck all below that DO have Encryption Capabilities for financial information. At rest In transit In mobile devices Back-up tapes Cloud storage Payment Card DataIs the Payment Card Data PCI compliant? Yes No Date of last assessment? Month Day Year Number of Payment Card Data stored or processed annually?Payment Card Data Encryption CapabilitiesCheck all below that DO have Encryption Capabilities for Payment Card Data. At rest In transit In mobile devices Back-up tapes Cloud storage Protected Health InformationNumber of Protected Health Information records stored or processed annually?Protect Health Information Encryption CapabilitiesCheck all below that DO have Encryption Capabilities for Protected Health Information. At rest In transit In mobile devices Back-up tapes Cloud storage Intellectual PropertyNumber of Intellectual Property records stored or processed annually?Intellectual Property Encryption CapabilitiesCheck all below that DO have Encryption Capabilities for Intellectual Property. At rest In transit In mobile devices Back-up tapes Cloud storage Other RecordsNumber of Other records stored or processed annually?Other Encryption CapabilitiesCheck all below that DO have Encryption Capabilities for Other records. At rest In transit In mobile devices Back-up tapes Cloud storage 5. Content & Marketing ControlsDoes the Applicant employ any of the following content and marketing controls?Please check all that apply. Obtaining all necessary and proper rights when using content developed by third parties. Legal review of all content disseminated by the Applicant. Notice and Take-Down procedures in place for addressing potentially libelous or illegal content on the Company's website. Procedures in place to ensure compliance with the Telephone Consumer Protection Act, anti-SPAM statues and any other consumer protection act. 6. Vendor Management, Cloud & MobileWhich services (if any) are outsourced.Check all that apply. Data back-up Data hosting IT infrastructure IT security Payment processing Physical security Software development Customer marketing Data back-up Provider Data hosting Provider IT infrastructure Provider IT security Provider Payment processing Provider Physical security Provider Software development Provider Customer marketing Provider Does the Applicant have procedures in place to vet potential and existing vendors or outsources? Yes No Does the Applicant have contracts in place with all third parties that have access to any sensitive information? Yes No Does the Applicant have a Business Continuity Plan in place? Yes No When was the plan last tested? Month Day Year If the Applicant suffered a network disruption, how long would it take to become fully operational? 1-4 hours 4-8 hours 8-12 hours 12-24 hours Does the Applicant have a Disaster Recovery Plan in place? Yes No When was the plan last tested? Month Day Year Does the Applicant have a written incident response plan regarding how compromised personally identifiable information is handled? Yes No When was the plan last tested? Month Day Year 7. Previous Cyber IncidentsPlease check all the boxes below that relate to any cyber incident that you may have experienced in the last two years.There is no need to highlight events that were successfully blocked by security measures. Cyber Crime Cyber Extortion Data Loss Denial of Service Attack IP Infringment Malware Infection Privacy Breach Ransomware Other Please specify "Other" cyber incident: If you checked any of the boxes above, did the incident(s) have a direct financial impact upon your business of more than $10,000? Yes No Please provide more information including details of the financial impact and measures taken to prevent the incident from occurring again.Loss HistoryA. Do any principals, directors, officers, partners, professional employees or independent contractors of the Applicant or any of the entities identified in Question 2 for which coverage is desired, have knowledge or information of any act, error, omission, breach of duty, cease and desist letter, alleged breach of intellectual property rights, or any other circumstances which might reasonably by expected to give rise to a claim? Yes No B. Is the Applicant aware of any release, loss or disclosure of personally identifiable information in the care, custody or control of the Applicant during the last three years? Yes No C. Is the Applicant aware of any known network intrusion or denial of service attack during the last three years? Yes No D. Has the Applicant, or any of its predecessors in business, subsidiaries or affiliates, or any of the principals, directors, officers, partners, professional employees or independent contractors ever been the subject of a regulatory action as a result of the handling of sensitive data, including a civil investigation demand, consent order or investigation at an Attorney General or other industry body? Yes No E. During the past five years, have any claims been made or legal action brought against the Applicant or any of the entities identified in Question 2 for which coverage is desired, or any predecessors in business, subsidiaries, affiliates or any principal, director, officer or professional employee? Yes No F. Has the Applicant reported the matters listed in Loss History A-E to its current or former insurance carrier?to its current or former insurance carrier? Yes No CommentsThis field is for validation purposes and should be left unchanged.
