
PSA Insurance & Financial Services


PSA Insurance & Financial Services: ProTech Cyber App v 1.2 1

PSA Insurance & Financial Services ProTech Cyber App

Version 1.2 June 2021

 

Basic Company Information

1. Company Name: 2. Year Established

3. Address:

4. Website:

5. Annual Revenue (Prior Year, Current Year or Projected is acceptable):

6. In what regions do you operate? United States Other (please list):

7. Business Type Public Private Not for Profit

8. Authorized Officer (signing this application):

Email:

Title:

Phone:

9. Number of Full Time Employees:

10. Total number of part-time employees (if any):

11. What is your primary industry?

12. Do you primarily provide: Products Services Other:

13. Please list any person or entity you would like to cover under this policy other than your employees? (Such as joint ventures with more than 50% ownership, vendors, independent contractors, etc.)

 

Cyber Insurance Policy Information

1. Desired Policy Effective Date:

2. Does your organization currently purchase cyber insurance?

Yes No – proceed to question 3

a. Current Cyber Insurance Carrier:

b. Policy Aggregate Limit: c. Deductible/Retention:

 

3. I am interested in a cyber insurance quote for the following options (if not sure leave blank):

a. Option 1: $ Aggregate Limit $ Deductible/Retention

b. Option 2: $ Aggregate Limit $ Deductible/Retention

c. Option 3: $ Aggregate Limit $ Deductible/Retention

Manufacturing Example

$20,000,0000

30

Manufacturing

None

January 1, 2023

1,000,000

3,000,000

✔ ✔

10,000

10,000

2,000,000 10,000

2001

 

 


Payment Card Processing

1. Do you process credit, debit card or gift card payments? (If you answer no to this question, please proceed to next section B.)

Yes No

2. Estimated number of credit card transactions processed annually? Enter # Here:

3. What is your PCI-DSS Merchant Level: 1 2 3 4 Not Sure

4. Are you PCI Compliant? Yes No N/A If yes, what is your certification date:

5. Do you use a 3rd party or service provider to process payments? Yes No

a) If yes, please list vendor names:

b) Are all vendors PCI-DSS and/or PA-DSS compliant? Yes No Not Sure

Sensitive Data

What kind of sensitive data do you store, process or handle:

Stored Credit/Debit Card Info

Yes No

Employee Info (SSN, Health Insurance, HR, Etc.)

Yes No

Bank Accounts & Financial Info

Yes No

Non-Employee SSN or PII

Yes No

Non-Employee Medical/Health Insurance Information

Yes No

If YES are you HIPAA Compliant?

Yes No N/A

Confidential Business Info

Yes No

Other (User Name & Passwords, Biometric, IP Address, Demographic Info, etc.):

Yes No Describe:

Sensitive Personal Data Record Count (e.g. How many individuals could be identified by the data you hold?): Provide an estimated range of unique individuals (current clients, inactive clients, employees past/present, etc.) that could be identified by the sensitive personal data you collect, manage or store (physically & electronically) or entrust to a cloud service provider or 3rd party? Click on the appropriate button below.

0 – 99 100 – 1,999

2,000 – 4,999

5,000 – 14,999 15,000 – 29,999

30,000 – 59,999

60,000 – 99,999

100,000 – 299,999

300,000 – 499,999

500,000 – 999,999

1M + 2M + 3M + Other:

Confidential Business Information (e.g. information protected by a Non-Disclosure Agreement, mutual understanding, contractual requirement, etc.): Click on the button below that most closely represents the estimated range of confidential business data you collect, manage or store (physically & electronically) or entrust to a cloud service provider or 3rd party?

0 – 99 100 – 1,999

2,000 – 4,999

5,000 – 14,999 15,000 – 29,999

30,000 – 59,999

60,000 – 99,999

100,000 – 299,999

300,000 – 499,999

500,000 – 999,999

1M + 2M + 3M + Other:

Total Estimated Sensitive Data Record Range (sum of selections from questions 1 & 2) =

100

Stripe

2,000

 

 


Cybersecurity & Media Controls

1. Does your organization regularly back up critical data? Yes No

How often do you back up critical data? How long do you retain backups?

2. Do you have a process to review blogs, social posts and other content before it is posted? Yes No N/A

3. Have all trademarks, domain names, logos and other service marks been screened to ensure they do not infringe on the intellectual property rights of others?

Yes No N/A

4. Do all employees participate in regular (at least annual) cybersecurity awareness training? Yes No

5. Who manages cybersecurity for your organization?

Internal Cyber/IT Professional External Cyber/IT Consultant Internal Other Title (CFO, CEO, COO, etc):

6. Are all workstations protected with up to date antivirus software? Yes No

7. Do you use cybersecurity technology, such as Firewalls, to protect your corporate network? Yes No

8. Do you use: Intrusion Detection Technology Yes No IP/URL Filtering technology Yes No

9. Are endpoints (laptops/desktops used by employees for business purposes) protected with Endpoint Detection & Response (EDR), Secure Access Service Edge (SASE), or other technology over and above antivirus software?

Yes No

10. Do you regularly check for security patches/updates to your systems (software, hardware, cloud applications, etc.) and patch according to provider recommendations?

Yes No

11. Do you encrypt sensitive data:

At Rest Yes No In Transit Yes No On Mobile Devices Yes No In the Cloud Yes No

12. Is Multi-Factor Authentication used for (check all that apply):

Email Remote Access/VPN Essential Cloud/SaaS Business Applications

13. Please let us know what network/data/cybersecurity policies you currently have in place (select all that apply):

Acceptable Use Backup & Retention Privacy Policy

Data Security Policy Network Security Document Retention & Destruction

Risk Assessment & Management Vendor Due Diligence Bring Your Own Device (BYOD)

Disaster Recovery Business Continuity Cyber Incident Response Plan

14. Does your organization comply with any cybersecurity industry standards or frameworks? Yes No

If yes, please provide name of standard(s), framework(s) or description:

weekly 30 days

✔ ✔

✔ ✔ ✔

We have several contracts with the Department of Defense and through this we are required to be CMMC compliant. We are CMMC Level 1 compliant, but are working on additional controls now.

 

 

 


Cybercrime Controls

1. Do you have a policy in place where all changes to client or vendor payment instructions are authenticated by a method other than email?

Yes No

2. Does Applicant verify all vendor and supplier bank accounts by a direct call to the receiving bank, prior to accounts being established in the accounts payable system?

Yes No

3. Is approval by more than one person required to initiate a wire transfer? Yes No

Claims and Loss History

1. Have you experienced a theft or unintended release, disclosure or loss of protected records in the past three years?

Yes No

2. Have any claims, suits or proceedings been made during the past three years against you or any of your predecessors in business or subsidiaries for which coverage would be available under a policy applicable to Errors & Omissions or Network Security and Privacy Liability?

Yes No

 

3. Are you aware of any information, facts, circumstances or incidents that could result in a claim against the policy for which you are applying?

Yes No

4. If you answered “yes” to these questions, please use the space below to provide additional information in the notes section at the end of this application.

 

Fraud Warning

By signing this application, the applicant warrants to the company that all statements made in this application and attachments hereto about the applicant and its operations are true and complete, and that no material facts have been misstated or misrepresented in this application, suppressed or concealed. The undersigned agrees that if after the date of this application and prior to the effective date of any policy based on this application, any occurrence, event or other circumstance should render any of the information contained in this application inaccurate or incomplete, then the undersigned shall notify the company of such occurrence, event or circumstance and shall provide the company with information that would complete, update or correct such information. Any outstanding quotations may be modified or withdrawn at the sole discretion of the company.

Completion of this form does not bind coverage. The applicant’s acceptance of the company’s quotation is required before the applicant may be bound and policy issued. The applicant agrees that this application, if the insurance coverage applied for is written, shall be the basis of the contract with the insurance company, and deemed to be part of the policy to be issued as if physically attached thereto. The applicant hereby authorizes the release of claims information from any prior insurers to the company.

Signatures

Authorized Signature: Print Name & Title:

Date (MM/DD/YY):

Email:

 

Phone:

 

 

 

 

 


Notes: