Data Breach / Cyber Liability Form


Management Of Privacy and Data Exposures

Total Number of employees
0/100 points
Do you have a written corporate-wide privacy policy regarding the protection and safeguarding of client and company info?
Do you accept credit cards for goods sold or services rendered?
If yes, are you in compliant with applicable data security standards issued by financial institutions that you transact with (e.g. PCI standards)?
Are you aware of any release, loss or disclosure of personally identifiable information in its care, custody or control, or anyone holding such information on behalf of you in the most recent three year time period from the date of this Application?

Computer System Controls

Do you publish and distribute written computer and information systems policies and procedures to its employees?
Does the applicant have:
a disaster recovery plan?
a business continuity plan?
an incident response plan for network intrusions and virus incidents?
Do you use commercially available firewall protection?
Do you use commercially available antivirus protection?
Do you terminate all computer access and user accounts as part of the regular exit process when an employee leaves the company?
Do you have, and enforce, policies concerning when internal and external communication should be encrypted?
Do you encrypt data stored on laptop computers, back-up tapes and all other portable media?
Do you encrypt data “at rest” within computer databases?
Do you enforce a software update process including installation of software “patches”?
Have you suffered any known intrusions (i.e., unauthorized access or security breach) or denial of service attacks relating to its computer systems in the most recent three (3) year time period from the date of this Application If yes, describe any such intrusions or attacks:

Website Content Controls

Do you have a process to review all content prior to posting on the Insured’s Internet Site?
Within the last three (3) years, have you ever received a complaint or cease and desist demand alleging trademark, copyright, invasion of privacy, or defamation with regard to any content published, displayed or distributed by or on behalf of you?

3rd Party Applications

Do you or a third party service provider on behalf of you, collect non-employee (client) personal identifiable information (name, address, credit cards, social security #, driving license, medical records)
If “Yes”, do over 10% of these records contain medical or financial account information (other than credit card information)?
Do you or a third party service provider to store / collect / keep track of client or customer information (name, address, credit cards, social security #, driving license, medical records)?

Prior Insurnace

Do you currently have insurance in place covering media, privacy or network security exposures?
If yes, please provide the following:

Prior Claims and Circumstance

Have you ever received any claims or complaints with respect to allegations of invasion of or injury to privacy, identity theft, theft of information, breach of information security, software copyright infringement or content infringement or been required to provide notification to individuals due to an actual or suspected disclosure of personal information?
Have you been subject to any government action, investigation or subpoena regarding any alleged violation of any law or regulation?
Have you ever experienced an extortion attempt or demand with respect to its computer systems?
Have you notified consumers of a data breach incident in accordance with a data breach notification law in the past three (3) years?
Have you, or any director, officer, employee or other proposed insured have knowledge or information of any fact, circumstance, situation, event or transaction which may give rise to a claim or privacy breach notification under the proposed insurance?
Powered byFormsiteReport abuse