Cyber Liability Insurance Application For Data Management, Healthcare & Financial Services Industries
Cyber Liability and Data Security +
Email address
Name of Applicant:
Your answer
Mailing Address
Your answer
Physical Address:
Your answer
Your answer
Your answer
Zip Code
Your answer
Your answer
Your answer
Does the applicant obtain written releases from all people whose images are used?
Does the website have a privacy policy?
Anti-virus software on all internet accessible devices
Firewalls on all internet accessible devices
Intrusion Detection Software
Default passwords changed on all third party hardware and software products?
Have an updated system that utilizes chip card technology?
Passwords that are non-trivial and contain at least six characters?
Nature of Business:
Your answer
Your answer
Tax ID Number:
Your answer
List any and all subsidiaries which need Cyber Liability Under This Policy:
Your answer
Total Number of Employees
Your answer
Annual Gross Sales Last 12 Months
Your answer
Current cyber liability coverage (provide insurer name, coverage, limits, retroactive date, premium)
Your answer
Current Insurance Policy Expiration Date
Your answer
Current (or desired) Self Retention or Deductible
During the past five (5) years, whether insured or not, has your business sustained any losses due to unauthorized access, unauthorized use, virus, denial of service attack, electronic media liability, data breach, data theft, fraud, electronic vandalism, sabotage or other similar electronic security events?
Within the past five (5) years, have you experienced any network related business interruption exceeding eight (8) hours other than planned maintenance
During the past five (5) years, has anyone alleged that you were responsible for damage to their computer system arising out of the operation of Applicant's computer system?
During the past five (5) years has anyone made a demand, claim, complaint, or filed a lawsuit against you alleging invasion of, or interference with rights of privacy, or the inappropriate disclosure of personally identifiable information (PII)?
During the past five (5) years have you been the subject of an investigation or action by any regulatory or administrative agency for privacy related violations
Are you aware of any circumstance that could reasonably be anticipated to result in a claim being made against your for the coverage being applied for?
Are you aware of any circumstance that could reasonably be anticipated to result in a claim being made against your for the coverage being applied for?
Do you have a firewall?
How often do you review the rules within the firewalls?
Your answer
Estimated number of non-employee individuals whose personal information* is stored by the applicant or any third party service provider on behalf of the applicant:
Your answer
Estimated number of payment card transactions in last 12 months:
Your answer
Is the applicant affiliated with a franchise?
Do you have any foreign revenue or foreign personal information*?
If yes, explain:
Your answer
Do you collect zip codes or any personal information at the point of sale?
Do you perform virus scans of emails, downloads, and portable devices?
Do you have restrictions regarding access to sensitive information of a third party?
Do you have a process for managing computer accounts, including the removal of outdated access accounts in a timely fashion?
Do you have physical security controls in place to control access to your computer systems?
Do you have access control procedures that address access to critical and sensitive computer systems?
Do you have a written business continuity/disaster recovery plan that includes procedures to be followed in the event of a disruptive computer incident?
Are system backup and recovery procedures tested for all mission critical systems and performed at least annually?
Types of personally identifiable information held (check all that apply)
Does the applicant have a data retention and destruction plan in place that includes both electronic and physical data?
Does the applicant have physical security in place to restrict access to computer systems or paper records that contain sensitive information?
Is all sensitive data
Are all devices encrypted?
How long would it take to restore your operations after a computer attack or other loss/corruption of data?
Are mission critical transactions and security logs reviewed periodically for suspicious activity?
How frequently?
Your answer
Have you undergone an information security or privacy compliance evaluation? If yes, identify who performed the evaluation, the date it was performed, the type of evaluation, and attach a copy of it.
Were all recommendations implemented?
Do you outsource (or plan to outsource) a critical part of your internal network/computer system or internet access/presence to others?
Do you have a program in place to periodically test your data security controls?
Do you have written contracts in place to enforce your information security policy and procedures with third party service providers?
Do such contracts contain hold harmless or indemnification clauses in your favor?
Do you perform audit checks on your vendors and service providers who handle your privacy sensitive data and require them to have adequate security protocols?
Do you have a document destruction and retention policy?
Does the applicant proactively address system vulnerabilities, including regular updates to antivirus software and critical security patches?
Has the applicant had a vulnerability assessment, penetration test, or other network security assessment performed in the last 12 months?
Do you monitor your network in real time to detect possible intrusions or abnormalities in the performance of the system?
Have you achieved compliance with the following: (check all that apply)
Does your hiring process include the following for all employees and independent contractors (check all that apply):
If other, please describe:
Your answer
Do you have a current enterprise wide computer network and information security policy that applies to employees, independent contractors, and third party vendors?
If yes, is the information published within the company (e.g. corporate intranet, employee handbook, etc)?
Are all employees periodically instructed on their specific job responsibilities with respect to information security, such as the proper reporting of suspected security incidents?
Do you have a formal privacy policy that has been approved by legal counsel?
Does your information systems and supporting business procedures prepared to honor customer preferences concerning the opt-out of sharing of nonpublic, personal information to nonaffiliated third parties?
Do you have a process to review content or materials (including meta tags) before they are published, broadcasted, distributed or displayed on your website for the following: (Check all that apply)
Copyright, trademark or domain name:
Your answer
Have your products or services been the subject of copyright, patent or trademark infringement allegations?
Does your organization utilize social media?
If yes, do you monitor postings?
Are there formal procedures for complaints?
If yes, describe the procedure:
Your answer
Does Legal Review Content?
Never submit passwords through Google Forms.
This content is neither created nor endorsed by Google. Report Abuse - Terms of Service - Additional Terms