Any appointed insurance broker can quote and bind a Coalition cyber insurance or technology errors & omissions policy online in under four minutes. During this process you'll be asked a few simple questions about the insured (see below), with little-to-no preparation required. Need to change an answer later on? No problem. Responses can be changed at any time. It’s literally as easy as riding a bicycle.   

All the same, if you want to be prepared (some of us were Boyscouts too), here’s the information to have on hand:

  • Company Name (i.e., the named insured(s))

  • Business Domain(s) (i.e. website, email, and other domains)

  • Industry

  • Number of employees (asked in ranges)

  • Estimated annual revenue, projected for the next 12 months (gross revenue or net revenue may also be requested for certain industries)

  • US or Canadian headquarters address

Cyber insurance Questions

  • Question 1: Within the last 3 years has company suffered a cyber incident resulting in a claim in excess of $25,000? (Yes/No answer)

  • Question 2: Is company aware of any circumstances that could give rise to a claim under this insurance policy? (Yes/No answer)

  • Question 3: Does company implement encryption on laptop computers, desktop computers, and other portable media devices? (Yes/No/Sometimes answer)

  • Question 4: Does company collect, process, store, transmit, or have access to any Payment Card Information PCI*, PII**, or PHI*** other than employees of company?

  • If Yes to #4, then two questions: What is the estimated annual volume of payment card transactions (credit cards, debit cards, etc.)? How many PII** or PHI*** records does company collect, process, store, transmit, or have access to?

  • Both answers are ranges: None / <100K / 100K-500K; 500K - 1M / over 1M needs number

  • Please select an effective date for company's policy.

Additional questions for cyber insurance may be asked based upon the coverages selected or the industry of the company, such as:

  • Within the last 3 years has company been subject to any complaints concerning the content of its website, advertising materials, social media, or other publications? (Yes/No answer)

  • Does company enforce procedures to remove content (including third party content) that may infringe or violate any intellectual property or privacy right? (Yes/No answer)

  • Does company maintain at least weekly backups of all sensitive or otherwise critical data and all critical business systems offline or on a separate network? (Yes/No answer)

  • For which of the following services do you enforce Multi-Factor Authentication (MFA)?

    • Email - (Yes/No answer)

    • Virtual Private Network (VPN), Remote Desktop Protocol (RDP), RDWeb, RD Gateway, or other remote access (Yes, No or N/A - No Remote Access Allowed

    • Network / cloud administration or other privileged user accounts (Yes, No or On administrative accounts and all cloud services where supported)

  • Does company require a secondary means of communication to validate the authenticity of funds transfers (ACH, wire, etc.) requests before processing a request in excess of $25,000? (Yes/No answer)

Technology E&O questions
(can be added to any qualifying cyber policy and only needs to be answered if Technology E&O is quoted)

  • Question 1: Within the last 3 years has the company been subject to a dispute or claim arising from a technology error or omission in excess of $25,000? (Yes/No answer)

  • Question 2: Is the company operating as a managed service provider (MSP), or does the company participate directly in or sell technology products/services designed for any of the following industries?

        - Adult Entertainment
        - Automotive
        - Aviation
        - Blockchain
        - Cannabis
        - Cryptocurrency
        - Financial Services
        - Gambling
        - Healthcare
        - Internet of Things
        - Military/Defense
        - Payment Processing
        - Point of Sale (POS) Software/Hardware/Reseller
        - Professional Services (Legal,Medical, A&E, or other licensed professional services)

  • Question 3 : Please describe the company’s use of technology in delivering its product and/or services.

  • Question 4: How often are the company's services provided by written agreement or contract? (Select the option most accurately describing the company)

        a) 100% of agreements or contracts
        b) 50% or more of agreements or contracts
        c) Less than 50% of agreements of contracts
        d) 0% of agreements or contracts

  • Question 5: Identify the standard risk mitigating clauses or methods contained within the company's agreements or contracts (select those that apply): 

        - Customer acceptance / final sign off
        - Disclaimer of warranties
        - Hold harmless agreements that benefit the company
        - Limitation of liability
        - Exclusion of consequential damages
        - Indemnification clause
        - Binding mandatory arbitration
        - Project phases / milestones

If you'd like to gather the cyber information from your client before completing the application, feel free to download the questionnaire below (both US and Canadian versions available).

* PCI = Payment Card Information

** PII = Personally Identifiable Information

*** PHI = Protected or Personal Health Information

Did this answer your question?