Any appointed insurance broker can quote and bind a Coalition cyber insurance or technology errors & omissions policy online in under four minutes. During this process you'll be asked a few simple questions about the insured (see below), with little-to-no preparation required. Need to change an answer later on? No problem. Responses can be changed at any time. It’s literally as easy as riding a bicycle.
All the same, if you want to be prepared (some of us were Boyscouts too), here’s the information to have on hand:
- Company Name (i.e., the named insured(s))
- Website Domain(s)
- Number of employees (asked in ranges)
- Estimated annual revenue, projected for the next 12 months (gross revenue or net revenue may also be requested for certain industries)
- US or Canadian headquarters address
Cyber insurance Questions
- Question 1: Within the last 3 years has company suffered a cyber incident resulting in a claim in excess of $25,000? (Yes/No answer)
- Question 2: Is company aware of any circumstances that could give rise to a claim under this insurance policy? (Yes/No answer)
- Question 3: Does company implement encryption on laptop computers, desktop computers, and other portable media devices? (Yes/No/Sometimes answer)
- Question 4: Does company collect, process, store, transmit, or have access to any Payment Card Information PCI*, PII**, or PHI*** other than employees of company?
- If Yes to #4, then two questions: What is the estimated annual volume of payment card transactions (credit cards, debit cards, etc.)? How many PII** or PHI*** records does company collect, process, store, transmit, or have access to?
- Both answers are ranges: None / <100K / 100K-500K; 500K - 1M / over 1M needs number
- Please select an effective date for company's policy.
Additional questions for cyber insurance may be asked based upon the coverages selected or the industry of the company, such as:
- Within the last 3 years has company been subject to any complaints concerning the content of its website, advertising materials, social media, or other publications? (Yes/No answer)
- Does company enforce procedures to remove content (including third party content) that may infringe or violate any intellectual property or privacy right? (Yes/No answer)
- Does company maintain at least weekly backups of all sensitive or otherwise critical data and all critical business systems offline or on a separate network? (Yes/No answer)
- Does company require a secondary means of communication to validate the authenticity of funds transfers (ACH, wire, etc.) requests before processing a request in excess of $25,000? (Yes/No answer)
Technology E&O questions
(can be added to any cyber policy and only needs to be answered if Technology E&O is quoted)
- Question 1: Within the last 3 years has the company been subject to a dispute or claim arising from a technology error or omission in excess of $25,000? (Yes/No answer)
- Question 2: Is the company operating as a managed service provider (MSP), or does the company participate directly in or sell technology products/services designed for any of the following industries?
- Adult Entertainment
- Financial Services
- Internet of Things
- Payment Processing
- Point of Sale (POS) Software/Hardware/Reseller
- Professional Services (Legal,Medical, A&E, or other licensed professional services)
- Question 3 : Please describe the company’s use of technology in delivering its product and/or services.
- Question 4: How often are the company's services provided by written agreement or contract? (Select the option most accurately describing the company)
a) 100% of agreements or contracts
b) 50% or more of agreements or contracts
c) Less than 50% of agreements of contracts
d) 0% of agreements or contracts
- Question 5: Identify the standard risk mitigating clauses or methods contained within the company's agreements or contracts (select those that apply):
- Customer acceptance / final sign off
- Disclaimer of warranties
- Hold harmless agreements that benefit the company
- Limitation of liability
- Exclusion of consequential damages
- Indemnification clause
- Binding mandatory arbitration
- Project phases / milestones
If you'd like to gather the cyber information from your client before completing the application, feel free to download the questionnaire below (both US and Canadian versions available).
* PCI = Payment Card Information
** PII = Personally Identifiable Information
*** PHI = Protected or Personal Health Information