Frank Cowan Company Limited
75 Main Street North, Princeton, ON N0J 1V0
Phone: 519-458-4331 Fax: 519-458-4366 Toll Free: 1-800-265-4000
www.frankcowan.com

CYBER RISK INSURANCE DETAILED APPLICATION

Notes:
All questions must be completed
Each policy is provided on a claims-made and reported basis. Defence expenses are included within the limits of coverage.
The retroactive dates for your claims-made and reported coverages are the first effective dates of coverage unless we agree to different dates
Wherever used in this Application "you" refers to the Applicant unless otherwise noted

Please provide the following additional information:
1. Loss runs for the last 5 years
2. Latest audited financial statements
3. List of all material litigation threatened or pending

1. GENERAL INFORMATION

Name of Applicant
Key Contact
Position
Address
Postal Code
Phone
Fax
Email
Website

Broker Name
Brokerage Address
Postal Code
Phone
Fax
Email
Website

How long have you (the broker) had this account and/or known the Applicant?
Please describe your operations and services
Date Established (dd/mm/yy)
Applicant is: Individual / Partnership / Corporation / Other
Is the entity owned, controlled by or affiliated with any other entity?
If "", please attach details
2. INSURANCE AND COVERAGE INFORMATION

Indicate the limit of insurance requested
100,000 250,000 500,000 1,000,000

Coverage is subject to a Deductible
The column directly beneath the "Aggregate Limit" indicates the limits that are included for each applicable coverage

Aggregate Limit, Media Content Services Liability, Network Security Liability, Privacy Liability, Extortion Threat, Privacy Notification Costs, Regulatory Proceedings, Crisis Management Expense, Business Interruption
100,000 5,000 50,000 5,000 50,000
250,000 12,500 125,000 12,500 175,000
500,000 25,000 250,000 25,000 250,000
1,000,000 50,000 500,000 50,000 500,000

*Note: Limits and Sub-limits above are subject to underwriter approval and may change where exposures warrant

Coverage Description
Media Content Services Liability: Media exposures such as defamation and breaches of intellectual property rights arising from your on-line publishing exposures
Network Security Liability: Your failure to protect against unauthorized access to or unauthorized use of or denial of services attack by a hacker
Privacy Liability: Violation of data protection and privacy regulations/legislation
Extortion Threat: Cover to assist you in dealing with the costs of handling/response to a threat from a hacker to attack your information and electronic assets
Privacy Notification Costs: Costs to assist you in dealing with a data breach including costs of notification and costs of credit monitoring
Regulatory Proceedings: Regulatory fines and claims expenses that you become legally obligated to pay as a result of a regulatory proceeding
Crisis Management Expense: Costs to assist you after a network compromise such as public relations costs
Business Interruption: Covers the reduction in business income during the period of restoration after a network compromise
Prior Cyber Insurance
Year Insurance Carrier
Current
Previous Year 1
Previous Year 2
Previous Year 3
Previous Year 4
Limit Of Liability Deductible Premium
Proposed Retroactive Date (dd/mm/yy)
Proposed Effective Date (dd/mm/yy)
Is an Extended Reporting Period currently in place?
Retroactive Date Policy Period
If "", please attach copy of endorsement showing effective and expiration dates

During the past 5 years, has any similar Errors and Omissions coverage been cancelled, declined or non-renewed?
In the past 5 years, have you or anyone in your firm received any complaints concerning products or services provided by you or anyone else on your behalf?
If "", please attach a detailed explanation

3. PRIOR CLAIMS AND CIRCUMSTANCES

If "", please attach an explanation of each, including resolution
Are you or anyone in your firm aware of any fact, circumstance or situation that could give rise to a claim under this or similar insurance policy?
If "", please attach an explanation of each and current status
During the past 5 years, has any principal, partner, director, officer or professional employee ever been subject to disciplinary action by any regulatory agency or association?
If "", please attach full details
During the past 5 years, has any principal, partner, director, officer or professional employee ever had his license revoked or suspended?
If "", please attach full details

4. REVENUES

Company Revenues: Domestic, Foreign, Total
Prior Year
Current Year (estimate)
Next Year (estimate)
Indicate all Countries outside of Canada that you operate in

5. RISK MANAGEMENT, NETWORK SECURITY AND PRIVACY

Do you have any risk management procedures in place?
If "", please attach a copy of these procedures
Do you have a formalized training program for newly hired employees?
Do you employ a Chief Information Officer?
Do you employ a Chief Security Officer?
Do the above positions report to the Board of Directors?
(f) Do you have a corporate-wide privacy policy?
(g) Have your privacy policies been reviewed and approved by an attorney?
(h) How often are the company's policies reviewed and updated?
(i) Do you have restricted employee access to private information?
(j) Do you have internal training for employees concerning the handling of private, data security and sensitive information?
(k) In the past 2 years have you undergone an internal or external privacy audit?
(l) Have all recommendations been implemented?
If "", please attach an explanation
(m) What percentage of your business involves subcontracting work to others? %
Please describe services
(n) Do you require evidence of Errors and Omissions insurance from subcontractors?
If "", please attach an explanation as to how the Applicant protects itself from acts or omissions arising out of services performed by subcontractors
(o) Please indicate the number of principals, partners, directors, officers and professional employees directly engaged in providing professional services to clients
(p) Please indicate the number of all other nonprofessional and/or clerical employees
6. MANAGEMENT OF INFORMATION

How many individual customers do you provide services to (estimate)?

Below indicate the type of data records stored
Note: 'Yes' or 'No' is mandatory for each type of data record.
Type of data record: Yes, No, Exact Number if Known
Credit Cards
Healthcare
Social Insurance Numbers
Bank accounts of customers, staff and volunteers
Other

If Exact Number is not known, indicate the approximate range that represents the Total of All data records Stored.
1-1000
1001-10,000
10,001-100,000
100,001-1,000,000
1,000,001 or more

Is any of this information regulated by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) as amended, and in equivalent provincial and territorial legislation, Personal Health Information Protection Act, 2004 (Ontario) and equivalent legislation in other provinces and territories, or other laws or legislation protecting private or personal information?
Do you have written procedures in place to comply with laws governing the handling and/or disclosure of such information?
Do you share private or personal information gathered from customers (by the Applicant or others) with third parties?
If "", do you seek explicit consent from all third parties before selling or sharing their personally identifiable data?

Do you
Have a disaster recovery plan?
Have a business continuity plan?
Have computer use policies?
Have a computer security policy?
Have and maintain a laptop or mobile device security policy?
Store sensitive data on laptops or web servers?

If you store sensitive data on laptops or web servers, is the data encrypted?
Are your internal networks and/or computer systems subject to third party audit or monitoring?
(f) If "", when was the last audit? (dd/mm/yy)
Have all improvements and recommendations been implemented?
If "", please attach an explanation
(g) Do you outsource the handling of sensitive data to any third party?
(h) Please provide the Name and Address of any third party you use for data hosting and/or payment processing.
7. COMPUTER SYSTEM CONTROLS

Do you use firewall technology?
If "", is the firewall technology updated on a regular basis?
Do you use anti-virus software?
If "", is anti-virus installed on all of the Applicant's computer systems, including laptops, personal computers and networks?
Do you use intrusion detection software to detect unauthorized access to internal networks and computer systems?
Is it company policy to up-grade all security software as new releases/improvements become available?
Do you have a formal documented user and password procedure in place?
(f) Do you provide remote access to computer systems?
If "", how many users have remote access?
(g) How often is sensitive/valuable information backed-up?
How long is this information stored?
Is this information encrypted end to end?
If "", please attach an explanation
(h) Do you terminate all associated computer access and user accounts when an employee leaves the company?
(i) Have you suffered any known intrusions, unauthorized access or been a target of a security or virus incident of your computer systems in the past 2 years?
If "", how many intrusions occurred?
If "", please submit a description of the nature of the event, damage, any lost time, business income, repair costs and their nature
(j) Does your organization use a standalone computer system (not linked to a larger corporate network that may combine data with other entities such as yours)?

8. MEDIA AND INTELLECTUAL PROPERTY

Please indicate which of the following media activities you engage in.
Print advertising
Television or radio advertising
On-line advertising
Social media marketing
Printed publications
Event/conference speaking

Do you outsource your advertising?
If "", does the Applicant have written hold harmless and indemnification agreements with the advertising agency?
If "", what network?
Do you display, provide access to or distribute content?
If "", what types (i.e. brochure, music etc.)
Do you have a formal review process in place for intellectual property screening for the following
Applicant's advertising?
Product designs, names and logos?
Applicant's domain name?
If "", please attach full details
Do you have a procedure for responding to allegations that content created, displayed or published by the Applicant is libelous, infringing, or in violation of a third party's privacy rights?
(f) Do you have a qualified attorney review all content prior to posting on the Internet?
If "", does the review include screening the content for the following
Libel or Slander
Copyright Infringement
Trademark Infringement
Invasion of Privacy
If "", please attach an explanation
(g) Do you use or license any open source code?
(h) Do you re-sell any third party software products?
Is any of the software code used by you licensed from third parties or developed on an outsourced basis?
(i) If "", please describe
(j) Do you always obtain full indemnity from licensors for any infringement?
(k) Have you ever received, filed suit, made a claim or a complaint or cease and desist demand alleging trademark, copyright, software copyright, invasion of privacy, or defamation with regard to any content?
If "", please attach full details
PLEASE READ

The Applicant hereby represents after inquiry, that information contained herein and in any supplemental applications or forms required hereby, is true, accurate and complete, and that no material facts have been suppressed or misstated. The Applicant acknowledges a continuing obligation to report to the Company as soon as practicable any material changes in all such information, after signing the application and prior to issuance of the policy, and acknowledges that the Company shall have the right to withdraw or modify any outstanding quotations and/or authorization or agreement to bind the insurance based upon such changes.

Further, the Applicant understands and acknowledges that:

1. If a policy is issued, the Company will have relied upon, as representations, this application, any supplemental applications, and any other statements furnished to the Company in conjunction with this application, all of which are hereby incorporated by reference into this application and made a part thereof.
2. This application will be the basis of the policy and will be incorporated by reference into and made part of such policy; and
3. The Applicant's failure to report to its current insurance company any claim made against it during the current policy term, or act, omission or circumstances which the Applicant is aware of which may give rise to a claim before the expiration of the current policy may create a lack of coverage for each Applicant who had a basis to believe that any such act, omission or circumstances might reasonably be expected to be the basis of a claim.
4. The policy applied for provides coverage on a claims made and reported basis and will apply only to claims that are first made against the insured and reported in writing to the Company during the policy period. Claims expenses are within and reduce the limit of liability.
The Applicant hereby authorizes the release of claim information to the Company from any current or prior Insurer of the Applicant.

FRAUD WARNINGS

Any person who knowingly includes any false or misleading information on an application for an insurance policy may be subject to criminal and civil penalties.

APPLICANT ACKNOWLEDGEMENT

The Applicant represents that the above statements and facts are true and that no material facts have been suppressed or misstated. Completion of this form does not bind coverage. The Applicant's acceptance of the company's quotation is required prior to binding coverage and policy issuance. All written statements and materials furnished to the company in conjunction with this application are hereby incorporated by reference into this application and made a part hereof.

The undersigned certifies that he or she is an authorized representative of the applicant identified in "1. GENERAL INFORMATION" and certifies that reasonable inquiry has been made to obtain the answers to these questions. He or she certifies that the answers are true, correct and complete to the best of his/her knowledge and belief.

Applicant
Applicant Signature
Title/Position
Date
Agent/Broker Name