Any appointed insurance broker can quote and bind a Coalition cyber insurance or technology errors & omissions policy online in under four minutes. During this process, you'll be asked a few simple questions about the insured (see below), with little-to-no preparation required. Need to change an answer later on? No problem. Responses can be changed at any time. It’s literally as easy as riding a bicycle.
All the same, if you want to be prepared (some of us were Boy Scouts too), here’s the information to have on hand:
- Company Name (i.e., the named insured(s))
- Business Domain(s) (i.e., website, email, and other domains)
- Industry
- Number of employees (asked in ranges)
- Estimated annual revenue, projected for the next 12 months (gross revenue or net revenue may also be requested for certain industries)
- US or Canadian headquarters address
Cyber insurance Questions
- Question 1: Within the last 3 years, has company suffered a cyber incident resulting in a claim in excess of $25,000? (Yes/No answer)
- Question 2: Is company aware of any circumstances that could give rise to a claim under this insurance policy? (Yes/No answer)
- Question 3: Does company implement encryption on laptop computers, desktop computers, and other portable media devices? (Yes/No/Sometimes answer)
- Question 4: Does company collect, process, store, transmit, or have access to any Payment Card Information (PCI*), PII**, or PHI*** other than employees of company?
  - If Yes to #4, then two questions: What is the estimated annual volume of payment card transactions (credit cards, debit cards, etc.)? How many PII** or PHI*** records does company collect, process, store, transmit, or have access to?
  - Both answers are ranges: None / <100K / 100K-500K / 500K-1M / over 1M (needs number)
- Please select an effective date for company's policy.
Additional questions for cyber insurance may be asked based upon the coverages selected or the industry of the company, such as:
- Within the last 3 years, has company been subject to any complaints concerning the content of its website, advertising materials, social media, or other publications? (Yes/No answer)
- Does company enforce procedures to remove content (including third party content) that may infringe or violate any intellectual property or privacy right? (Yes/No answer)
- Does company maintain at least weekly backups of all sensitive or otherwise critical data and all critical business systems offline or on a separate network? (Yes/No answer)
- For which of the following services do you enforce Multi-Factor Authentication (MFA)?
  - Email (Yes/No answer)
  - Virtual Private Network (VPN), Remote Desktop Protocol (RDP), RDWeb, RD Gateway, or other remote access (Yes, No or N/A - No Remote Access Allowed)
  - Network / cloud administration or other privileged user accounts (Yes, No or On administrative accounts and all cloud services where supported)
- Does company require a secondary means of communication to validate the authenticity of funds transfers (ACH, wire, etc.) requests before processing a request in excess of $25,000? (Yes/No answer)
Technology E&O questions
(can be added to any qualifying cyber policy and only needs to be answered if Technology E&O is quoted)
- Question 1: Within the last 3 years has the company been subject to a dispute or claim arising from a technology error or omission in excess of $25,000? (Yes/No answer)
- Question 2: Is the company operating as a managed service provider (MSP), or does the company participate directly in or sell technology products/services designed for any of the following industries?
  - Adult Entertainment
  - Automotive
  - Aviation
  - Blockchain
  - Cannabis
  - Cryptocurrency
  - Financial Services
  - Gambling
  - Healthcare
  - Internet of Things
  - Military/Defense
  - Payment Processing
  - Point of Sale (POS) Software/Hardware/Reseller
  - Professional Services (Legal, Medical, A&E, or other licensed professional services)
- Question 3: Please describe the company’s use of technology in delivering its product and/or services.
- Question 4: How often are the company's services provided by written agreement or contract? (Select the option most accurately describing the company)
  - a) 100% of agreements or contracts
  - b) 50% or more of agreements or contracts
  - c) Less than 50% of agreements or contracts
  - d) 0% of agreements or contracts
- Question 5: Identify the standard risk mitigating clauses or methods contained within the company's agreements or contracts (select those that apply):
  - Customer acceptance / final sign off
  - Disclaimer of warranties
  - Hold harmless agreements that benefit the company
  - Limitation of liability
  - Exclusion of consequential damages
  - Indemnification clause
  - Binding mandatory arbitration
  - Project phases / milestones
If you'd like to gather the cyber information from your client before completing the application, feel free to download the questionnaire below (both US and Canadian versions available).
* PCI = Payment Card Information
** PII = Personally Identifiable Information
*** PHI = Protected or Personal Health Information