CYBER LIABILITY COVERAGE INDICATION REQUEST FORM
 
 
 
This Cyber Liability entity coverage is designed for:
  • Members in VT and U.S. territories
 
 
 
 
 
I. GENERAL INFORMATION
 
 
 
 
Entity Name
 
 
 
 
Address*
 
 
City*
 
 
 
State*
 
 
ZIP Code*
 
 
 
Description of Operations*
 
 
 
Applicant Contact Person (First and Last Name)*
 
 
 
Applicant Contact Email Address*
 
 
 
Applicant Website*
 
 
 
Custodian*
 
 
 
Applicant Phone Number*
 
 
 
 
 
 
II. REVENUES
 
 
 
 
Indicate the following as it relates to the Applicant's fiscal year end (FYE)*
 
 
 
 
 
 
III. NETWORK SECURITY SYSTEM
 
 
 
 
Do "You", or an outsourced firm, back up your data and systems at least once a week, and store these backups in an offsite location?*
 
Yes
No
 
 
If yes, can "You" recover all of your business-critical data and systems within 10 days?
 
Yes
No
 
 
 
 
 
Do "You" have anti-virus software and firewalls in place that are regularly updated (at least quarterly)?*
 
Yes
No
 
 
 
 
 
Do "You" have Remote Desktop Protocol (RDP) (or any other type of remote access to desktops or servers or applications) enabled?*
 
Yes
No
 
 
If yes, do "You" utilize Multi-Factor Authentication (MFA) when accessing all desktops or servers or applications remotely?
 
Yes
No
 
 
 
 
 
After inquiry of the "Control Group", as defined, are "You" aware of any or have any grounds for suspecting circumstances which might give rise to a claim?*
 
Yes
No
 
 
 
 
 
Within the last 5 years, has "Your Organization" suffered any system intrusions, tampering, virus or malicious code attacks, loss of data, loss of portable media, hacking incidents, extortion attempts, or data theft, resulting in a claim in excess of $25,000 that would be covered by this insurance?*
 
Yes
No
 
 
 
 
 
If the "Applicant" represents a Healthcare organization, Financial Institution or Legal Services (consumer) then the following question MUST be answered:
 
Do "You" have a written policy which requires that personally identifiable information stored on mobile devices (e.g. laptop computers/smartphones) and portable media (e.g. flash drives, back-up tapes) be protected by encryption?
 
Yes
No
 
 
 
 
 

* With respect to the information required to be disclosed in response to the questions above, the proposed insurance will not afford coverage for any claim arising from any fact, circumstance, situation, event or act about which any member of the “Control Group” of the “Applicant” had knowledge prior to the issuance of the proposed policy, nor for any person or entity who knew of such fact, circumstance, situation, event or act prior to the issuance of the proposed policy.

"Control Group" means:
The board members, executive officers, Chief Technology Officer, Chief Information Officer, Risk Manager and General Counsel or their functional equivalents of “Your Organization”. This does not include any administrative staff who work in the offices of these named positions.

 
 
 
 
 
IV. CYBER DECEPTION
 
 
 
 
Does the “Applicant” have procedures in place requiring two people, processes, or devices to verify any changes in transfer details and obtain authorization when transferring funds in excess of $10,000 to external parties?*
 
Yes
No
 
 
 
 
 
Does the Applicant provide training for staff members who transact funds in excess of $10,000 externally?*
 
Yes
No
 
 
 
 
 
Does the Applicant have a call-back verification process when making changes to or setting up new payment instructions to a third party?*
 
Yes
No
 
 
 
 
 
Have there been any losses for a "Cyber Deception Event" in the past year in excess of $10,000?*
 
Yes
No
 
 
 
 
 
After inquiry of the "Control Group", as defined, have there been any claims or circumstances arising from "Cyber Deception Events" which may give rise to a claim that could be covered by the Cyber Deception coverage being applied for?*
 
Yes
No
 
 
 
 
 

Please note that the Cyber Deception Coverage applied will not attach to those matters identified above that are claims or may be reasonably expected to give rise to a claim, under the Cyber Deception Coverage. "Cyber Deception Event" means:

  1. The good faith transfer by "You" of "Your Organization's" funds or the transfer of "Your Goods", in lieu of payment, to a third party as a direct result of a "Cyber Deception", whereby "You" were directed to transfer "Goods" or pay funds to a third party under false pretences; or
  2. The theft of "Your Organization’s" funds as a result of an unauthorized intrusion into or "Security Compromise" of "Your" "Computer System" directly enabled as a result of a "Cyber Deception".

"Control Group" means:
The board members, executive officers, Chief Technology Officer, Chief Information Officer, Risk Manager and General Counsel or their functional equivalents of “Your Organization”. This does not include any administrative staff who work in the offices of these named positions.

REQUIRED FRAUD WARNING LANGUAGE:

It is a crime to knowingly and intentionally attempt to defraud an insurance company by providing false or misleading information or concealing material information during the application process or when filing a claim. Such conduct could result in your policy being voided and subject you to criminal and civil penalties.