Personal Information
Business Type *
State *
RISK BACKGROUND
Has any entity proposed for insurance closed, sold, merged with or acquired any company in the past 12 months or anticipates doing so in the next 12 months? *
Do you perform services in the State of New York? *
DATA AND RECORDS INFORMATION
Type(s) of personally identifiable information collected, transmitted, or stored" *
Hold down the Ctrl Key to make multiple selections.
CURRENT CYBER LIABILITY/DATA BREACH POLICY INFO
Do you currently have a cyber liability/data breach insurance policy? *
Effective Date
|
/ |
|
/ |
|
Current Policy End Date *
|
/ |
|
/ |
|
CLAIM ACTIVITY
In the last five years, has the applicant had a data breach resulting in the misappropriation or public disclosure of personal Information? *
In the last five years, has the applicant had any claim, suit, inquiry, complaint, notice of charge, notice of hearing, regulatory action, governmental action or administrative action related to the coverage applied for? *
WEBSITE MEDIA LIABILITY
Does the applicant have a website or utilize a social media platform? *
If “Yes,” please answer the following regarding the content used online:
Does the applicant review material that is posted or utilized online? *
Does the applicant obtain written releases from all images used *
Does the website have a privacy policy? *
Information/Network Security Risk Management
Select all the controls your company utilizies: *
Hold down the Ctrl Key to make multiple selections.
Does the applicant proactively address system vulnerabilities, including regular updates to anti-virus/ malware protection and critical security patches? *
Has the applicant had a vulnerability assessment, penetration test, or other network security assessment performed in the last 12 months? *
Does the applicant have a data retention and destruction plan in place that includes both electronic and physical data? *
Information/Network Security Policy
Does the applicant have a written physical and network security policy in place? *
Do all employees receive training on the privacy policy at least annually? *
Does the applicant have a designated individual responsible for the management of, and compliance with the applicant’s security policies? *
Breach Response/Disaster Recovery/Business Continuity Planning
Does the applicant have a written data breach response plan in place? *
Does the applicant back up all valuable/sensitive data, including personal information* of others, on a daily basis? *
Does the applicant have a disaster recovery and business continuity plan in place that is designed to avoid business interruption due to IT systems failure? *
If "yes", how many hours does it take the applicant to fully restore their systems?
Encryption
Does the applicant encrypt personal information in the following scenarios? *
Hold down the Ctrl Key to make multiple selections.
Physical Security
Does the applicant have physical security in place to restrict access to computer systems or paper records that contain sensitive information? *
Vendor Controls
Are business associate agreements in place for all third parties? *
Has applicant confirmed payment processor and any third party assisting with payment cards is compliant with Payment Card Industry Data Security Standards? (PCIDSS) *
Have you entered into a written contract or agreement with a service provider or utilize a third party that holds, transmits, or stores personal information* on your behalf? *
Employee Controls
Does the applicant conduct background checks on all employees? *
Does the applicant restrict employee access to Personally Identifiable Information on a business “need-to-know” basis? *
Is remote access to the network permitted only if through Virtual Private Network (VPN) or equivalent system? *
Does applicant terminate all associated computer access and user accounts as part of the regular exit process when an employee leaves the company? *
Do you track and monitor all access to network resources? *