PLEASE COMPLETE YOUR CYBER INSURANCE ASSESSMENT BELOW

Cyber Security Application

Personal Contact Information

Please enter the personal contact details of the applicant.


Security Contact Details

Please enter the contact details of the person who would deal with any cyber incidents.


General Business Information

General business and turnover information.


Please outline the proportion of revenue (in percentage terms) that your business receives from each Australian state or internationally. Note that we are asking this estimate for the purpose of correctly calculating stamp duty.

As an example; if 100% of your clients are based in NSW the below response would be 100% for that state.

The total of all figures should equal 100 (as displayed in the "Total" box at the bottom of this section).

Loss History

History and details of any previous cyber incidents.


Question 1 - Previous Cyber Incidents

During the past three years, did the Named Insured experience a cyber incident, claim or loss, whether insured or not, which could have been covered under a policy similar to the proposed insurance, this includes but is not limited to any:

  1. actual or reasonably suspected data breach or security failure, including notifying consumers or third parties of a data breach or security failure;

  2. claims or complaints with respect to privacy injury, breach of information or network security, unauthorised disclosure of information, defamation, or content infringement;

  3. government action, investigation, or subpoena regarding any alleged violation of a privacy law or regulation; or

  4. actual or attempted extortion demand with respect to (insured’s) data or computer systems.

  5. subject to any complaints concerning the content of its website, advertising materials, social media, or other publications?

Question 2 - Relevant Information

Does the Named Insured have knowledge or information regarding any fact, circumstance, situation, or event that could reasonably give rise to a claim or loss under the proposed insurance?

Security Controls

Some description about this section

Question 3 - Backups

Does the Named Insured maintain at least weekly backups of all sensitive or otherwise critical data and all critical business systems offline or on a separate network?

Question 4 - Multi-Factor Authentication

For which of the following services does the Named Insured enforce Multi-Factor Authentication (MFA)?

*Multi-factor authentication (MFA) is an extra step of identity check required before gaining access to an account which requires a login. For example; you may have experienced receiving a text message code to validate an online login or receive a prompt from an app installed to your phone, confirming it is you trying to login.

4A    Email

*Most email providers have the ability for this function to be set up without adding any additional expense. Most commonly, the way you can verify your identity is by confirming a code received via a phone message or through having an authenticator application downloaded on your phone.

4B    Virtual Private Network (VPN)

*A VPN is a secure private network which allows a connection from a computer or laptop to a remote server, which creates an encrypted passage as a connection.

4C    Remote Desktop Protocol (RDP), RDWeb, RD Gateway, or other remote access

*Remote desktop protocols are the ability to login to your server/computer from another computer which may not be a part of the business. This became a common way for employees to work from home in recent years.

If your business does not have remote access, please select "N/A" as the response to this question.

4D    Network / cloud administration or other
privileged user accounts

*Network / cloud administration or other privileged user accounts, refers to the place where your information is backed up, or where the businesses most sensitive data is kept.

Question 5 - Validations

Does the Named Insured require a secondary means of communication to validate the authenticity of:

5A    Funds transfer requests before processing a request in excess of $5,000?

*If this is not a step you take due to the size of your business (for example; sole traders), please select "N/A" as the response to this question.

5B    Any request to change banking details?

*When a customer or third-party contacts you and advises a change of account details, do you call to verify they are correct? This step can protect against hackers attempting to divert funds into their own accounts?

Declaration and Form Submission

Please read and confirm your acceptance of the Notice and Declaration below.


Important Notice

Before a contract of insurance is entered into, the applicant is required to give a fair presentation of the risk in accordance with the Insurance Contract Act 1984. We will rely on this information in deciding whether to offer insurance, setting the terms and for setting the premium.

You must disclose every material circumstance which you know or ought to know, or failing that, make a disclosure which gives us sufficient information to put a prudent insurer on notice that it needs to make further enquiries for the purpose of revealing those material circumstances. Such disclosure must be made in a manner which would be reasonably clear and accessible to a prudent insurer and following a reasonable search of information held within your organisation or held by any other person or third party.

A circumstance or representation is material if it would influence the judgement of a prudent insurer in determining whether to take the risk and, if so, on what terms. If you have any questions regarding your duty to make a fair presentation of the risk, then you should contact your insurance broker for further information.

Declaration

I/we declare that I/we have made a fair presentation of the risk. This declaration is signed by a director or officer who is authorised to arrange insurance on behalf of the Named Insured.

STAY CONNECTED

Disclaimer: Applicable to Australian residents only. The information on this site is for general information purposes only and does not take into account your particular needs and objectives. For appropriate advice you should contact our office to determine which products and services are most appropriate for your needs. As the website does not include full details of any products referred to, you should read the respective policy wording that can be made available on request. We will not be liable to any individual or organisation for any damages whatsoever arising out of the use of the site.

© JMD Ross 2023 | ABN 59 001 706 289 | AFS Licence No 238356