Cyber and Data Security. Proposal form




Cyber and Data Security Proposal form

This proposal form must be completed and signed by a principal, director or a partner of the proposed insured.

Cover and Quotation requirements

Please indicate which sections of cover you require a quotation for. Please tick where appropriate.

Cyber, data security and multimedia liability

Cover for compensatory damages and defence costs for liabilities arising from:
- Your failure to correctly handle, manage or store personal and commercial data
- Your violation of data protection and privacy regulation and/or legislation
- A third party's good faith reliance on a hacker's fraudulent use of your electronic signatures
- Your failure to protect against unauthorised access to, unauthorised use of, or a denial of service attack by a hacker
- Your unintentional spreading of a computer virus
- Your improper online activities such as web-scraping and web harvesting
- Multimedia exposures in the form of defamation and breaches of intellectual property rights arising from any matter or content you publish online, including the content of your website.

Mandatory minimum cover

Cover is also given for your own costs to deal with:
- The reimbursement of any financial benefit that has been transferred to a third party by a hacker and that you cannot recoup
- Public relations and crisis management specialists to help you respond to and mitigate the damage from an insured event
- Regulatory investigations and penalties (where insurable by law)
- The withdrawal of any content you publish and which is deemed to breach advertising standards
- Compensating you for the costs of having employees in court to deal with any claims covered under the policy.

Data breach costs cover

Cover to help you deal with the costs and event response following a cyber or data security event, including a breach of privacy and/or data protection regulation.

Cover includes:
- The costs to notify individuals that their data has been breached, including legal drafting
- The cost of credit monitoring where personal financial data has been breached
- The cost of a call centre to coordinate and handle a data breach notification response.

Information and communication asset rectification costs cover

Cover to help you deal with the costs of:
- Repairing, restoring or replacing the affected parts of your information and communication assets (including software, hardware, firmware and electronic data) following any damage, destruction, alteration, corruption, copying, theft or misuse by a hacker.

Cyber business interruption costs cover

Cover to help you deal with the costs of:
- Replacing your lost profit as a result of you being unable to trade during a total or partial interruption, degradation in service or failure of information and communication assets following a hacker attack.

Cyber extortion cover

Cover to help you deal with the costs of:
- Handling and dealing with the response to a threat from a hacker to attack your information and communication assets. Cover also includes the value of a ransom you may have had to pay to avoid such an event.

Please note that cover is subject to policy terms and conditions. Please ask your broker for a copy of the policy wording.

3326/CYBER&DATASECURITY/PROPOSAL/APR2014

Company information

1 Company name
2 Website address
3 Postal address
  Postcode
4 Email address
5 Do you require cover for any other locations which are not stated as your main postal address? If Yes, please provide details
6 Business established since:
7 Number of employees:
8 Please provide a description of your business services:
9 Please give a breakdown of your turnover, including fee income, for the past and current financial years, and an estimate for the next year:

| | Financial year end (date) | Total turnover including fee income | Profit (net before income tax) |
|---|---|---|---|
| Past year (actual) | | | |
| Current year (estimate) | | | |
| Next year (estimate) | | | |

Please provide an estimated percentage split of turnover including fee income by geographical territory:

| | Past year (actual) | Current year (estimate) | Next year (estimate) |
|---|---|---|---|
| United Kingdom clients | | | |
| European clients | | | |
| USA and Canadian clients NOT subject to USA/Canada law | | | |
| USA and Canadian clients subject to USA/Canada law | | | |
| Rest of world clients | | | |
| Total | 100 | 100 | 100 |

Network and data structure

1 Please provide brief details of the functions of your internal IT network
2 Please provide details of the size of your IT network, number of:
- Computer users:
- Servers:
- Portables (laptops, smartphones, notebooks, tablets):
- Server locations:
- PCs:
3 Please provide a financial value for your IT network (including but not limited to hardware, software, cabling and firmware)
4 Please estimate the total number of Personally Identifiable Information records, including employees and customers, that your company holds. Personally Identifiable Information is defined as: information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.
  Do you see this changing substantially in the next 12 months? If Yes, please provide details below:
5 Please highlight which bands of Personally Identifiable Information records you hold:
- Low Sensitivity: Name; E-mail address
- Moderate Sensitivity: Home address; Telephone numbers; Date of birth; Driver's Licence number; Protected health information; Insurance Policy number; National Insurance number; Passport number
- High Sensitivity: Banking or Saving Account number; Debit Card number; Credit Card number
6 Please estimate what proportion of the total number of Personally Identifiable Information records you hold include a highly sensitive element:

7 Do you seek explicit consent from all third parties before selling or sharing their Personally Identifiable Information?
8a Do you outsource any part of your IT network including but not limited to data storage, data hosting and/or data processing of Personally Identifiable Information records? If Yes, please provide the name of the third-party company:
b Does this involve the transfer of any Personally Identifiable Information records to third parties outside of the European Economic Area (EEA)?
c If Yes, do you ensure that the countries in which these third parties hold your Personally Identifiable Information records have strict government legislation and regulation on data protection? If No, please provide details below:
d Do you have a written contract in place with these third parties that will indemnify you for IT system or data security breaches arising from their services?

Network and data security

1 Do you have a Chief Information Officer (CIO) and/or a Chief Security Officer (CSO)? If No, please provide details of who controls your IT network and data/information security.
2 Do you adhere to and comply with the following:
- Data Protection Act 1998:
- Privacy and Electronic Communications Regulations:
- Payment Card Industry (PCI) Data Security Standards:
- ISO 27001:

3a Have you had a third-party security audit undertaken on your IT network?
b If Yes, have you implemented the recommendations of the audit?
4 Do you ensure that all Personally Identifiable Information records are backed up and held at a secondary location?
5 Do you have firewalls protecting all external IT network gateways?
6 Do you use encryption tools to ensure the integrity and confidentiality of all Personally Identifiable Information records, including those on removable media?
7 Do you use anti-virus software and anti-spyware?
8 Do you have a vulnerability assessment program that monitors for IT network security and data security breaches and ensures timely updates of anti-virus and anti-spyware signatures and critical security patches?
9 When recruiting new employees, do you undertake thorough background checks before employment is offered? Such as: CRB (Criminal Record Bureau), Identity, Qualifications, Disciplinary.

10a Do you have an internet and email usage policy written into all employment contracts which is clearly communicated to all employees?
b If Yes, does this permit the monitoring and investigation of computer activity of your employees? If No to either of the above, please provide details:
11 Do you implement a data protection policy for the handling of data, including Personally Identifiable Information records, which is clearly communicated to all employees?
12 Do you have physical controls and registration for visitors at your company's entrance area?
13 Are all Personally Identifiable Information records, including those contained in a physical form (paper, disks, CDs, hard drives), disposed of or recycled by a confidential and secure means which is recognised throughout the organisation?

Business impact

1 How fast are you likely to incur a loss of profit as a result of an IT network compromise and a total system downtime?
- Level 1: 48 hours +
- Level 2: 24-48 hours
- Level 3: 12-24 hours
- Level 4: 1-12 hours
- Level 5: Immediately
2 In the event of your IT network being subjected to a non-scheduled closure and total downtime, please estimate your maximum daily loss of profit (net profit before tax).
3 Do you have a disaster recovery plan which protects you against any sudden or unexpected failure of your IT network and security breach/data compromise? If No, please advise how you would deal with such an event in a time-critical manner. If Yes:
a Is the back-up system managed by a third party?
b How regularly is it tested?
c When was it last tested?
d How long did it take to switch to this back-up system?

Online media

1 Do any of your websites (including websites you may host for third parties) contain any of the following:
- Financial transactions via payment cards
- Medical records or private information of individuals
- Legal advice or services
- Streaming music or video
- Social networking
If you answered Yes to any of the above, please provide details below:
2 Do you have a privacy policy on your website? If No, please provide details:
3 Do you have a specific policy for managing all opt-in / opt-out marketing requests, including the use/storage of cookies on a browser's system/device?
4 Do you have a procedure for responding to allegations that content created, displayed or published is libelous, infringing intellectual property rights, or in violation of a third party's privacy rights?
5 Are third parties able to contribute to message boards, chat rooms or forums on your websites (including websites you may host for third parties)? If Yes, please describe what procedures you have in place for monitoring or moderating content posted on your website, including your take-down policy.
6 Do you have a qualified lawyer (or other legally qualified individual) review all content prior to posting on your websites (including websites you may host for third parties)? If No, then who authorises this?
7 Do you obtain written warranties and indemnities from third parties for content they have created for you (including advertising agents)? If No, please provide details:

Claims and insurance history

1 Have you previously been insured in respect of Cyber and Data Security? If Yes, please provide details (UNLESS YOU ARE INSURED WITH QBE)
Cyber and Data Security:
- Insurer
- Limit of indemnity
- Excess (each & every claim)
- Premium
- Expiry date
2 Has your business ever been declined for a Cyber and Data Security insurance policy, or had an existing policy cancelled? If Yes, please provide full details:
3 Have you ever experienced an event that did or may have given rise to a claim or circumstance under a cyber and data security policy, including but not limited to a hacking incident, virus or malicious code attack, cyber extortion attempt, breach of secure data, wrongful disclosure of personal data or interference with rights of privacy? If Yes, please provide details, including what measures have been taken to prevent a reoccurrence.
4 Please provide details of any matter which may be relevant to Underwriters' consideration of your proposal and which has not been disclosed elsewhere in this proposal:

Declaration

I/We declare that this proposal has been completed after appropriate enquiry and that the statements and particulars in this proposal (including all attachments, if applicable) are true and that I/We have neither misrepresented nor suppressed any material facts. I/We undertake to inform Underwriters of any material alteration to these facts whether occurring before or after the completion of the contract of insurance.

Signature of Principal/Partner/Director
Date

QBE European Operations is a trading name of QBE Insurance (Europe) Limited, no. 01761561 ("QIEL"), QBE Underwriting Limited, no. 01035198 ("QUL"), QBE Management Services (UK) Limited, no. 03153567 ("QMSUK") and QBE Underwriting Services (UK) Limited, no. 02262145 ("QSUK"), whose registered offices are at Plantation Place, 30 Fenchurch Street, London, EC3M 3BD. All four companies are incorporated in England and Wales. QIEL and QUL are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. QUL is a Lloyd's managing agent. QMSUK and QSUK are both Appointed Representatives of QIEL and QUL.