Form cover
Page 1 of 1

All-Questions Cyber Insurance Proposal Form

COMPANY DETAILS & BACKGROUND

Legal Name

Trading Name(s)

ABN/ACN

Year Established

Registered Address

Street Address

City

State

Postcode

Is the policyholder a subsidiary, franchisee, or part of a larger group?

Is the policyholder a subsidiary, franchisee, or part of a larger group?

Primary Website

Exclude https://

Other Website(s)

Primary Industry Activities (% breakdown)

Which of the following are part of your workforce composition?

Which of the following are part of your workforce composition?

Amount paid to contractors

Do contractors carry their own PI, PL and CL?

Number of Directors

Primary Cyber/IT Contact Name

Primary Cyber/IT Contact Email

Primary Cyber/IT Contact Phone

Australian or Overseas Domicile (subsidiaries?)

Has a Director/Officer been convicted or has pending criminal matters?

Has a Director/Officer been convicted or has pending criminal matters?

Is any Director/Officer currently or previously discharged bankrupt?

Is any Director/Officer currently or previously discharged bankrupt?

Has the Proposer ever had a policy declined, cancelled, or renewal refused?

Has the Proposer ever had a policy declined, cancelled, or renewal refused?

FINANCIAL & REVENUE DETAILS

Last Year Turnover

Current Year Estimated Turnover

Next Year Projected Turnover

Gross Profit (Last Year)

Revenue % from eCommerce

Revenue by region

NSW
VIC
ACT
TAS
NT
WA
QLD
SA

Exempt from GST/Stamp Duty?

Exempt from GST/Stamp Duty?

Banking Institutions

You may select multiple options

Any activities undertaken in USA/Canada?

Any activities undertaken in USA/Canada?

Trade in Sanctioned Territories (Iran, Syria, etc.)?

Trade in Sanctioned Territories (Iran, Syria, etc.)?

BUSINESS ACTIVITIES

Describe Products/Services

Planned M&A or expansions (12 months)

Substantial Changes in Operations

Government/Defence Contracts

Government/Defence Contracts

DISP Member / Government Data Handling

DISP Member / Government Data Handling

DATA HANDLING & PRIVACY

Volume of Personal/Health/PCI Records

If >300k records, describe type

Process Data for Third Parties?

Process Data for Third Parties?

PCI data (# of transactions)

Encryption (at rest, in transit, etc.)

Data Classification & Retention Policy

Purge Frequency of Old Records

IT INFRASTRUCTURE

Environment (on-prem, cloud, hybrid)

Environment (on-prem, cloud, hybrid)

Server/Device Count

Major IT Projects (12 months)

Security Officer Name

Security Officer Role

Annual IT Budget

% allocated for Security

No. of IT Staff

No. that are Security-Dedicated

Any EOL software?

Patch Management & Timelines

NGFWs, Vulnerability Scans, Pen Tests

ENDPOINT, AUTHENTICATION & EMAIL SECURITY

Endpoint Protection (AV/EDR): Products, % Coverage

MFA for Admin, Remote Access, Email, Backups?

Email Filtering / Anti-Phishing / Simulations

Identity & Access Management Strategy

BACKUP, BCP & DISASTER RECOVERY

Backup Strategy (Frequency, Offline Copies, Testing)

Business Continuity/Disaster Recovery Plan in place?

Revenue Impact if Systems are Down (6/12/24/48hrs)

OUTSOURCING & THIRD-PARTY RISKS

Critical Vendors (MSPs, Hosting, Payments, etc.)

Do Vendors Hold Their Own Insurance/Indemnity?

Any Hold-Harmless or Liability Waivers Signed?

Vendor Security/Compliance Reviews? By Whom?

GOVERNANCE, POLICIES & COMPLIANCE

Information Security Policy (Board Approved)?

Compliance Standards (NDB, GDPR, PCI-DSS, etc.)

Privacy Breaches or Fines in Last 5 Years?

ISO27001 / SOC2 / Other Security Certifications

SOCIAL ENGINEERING & FRAUD

Frequency of Staff Training on Phishing & Social Engineering

Dual Approval for Payments / Wire Transfers?

Social Engineering / Phishing Simulations Run?

INCIDENT & CLAIMS HISTORY

Cyber Incidents / Breaches / Extortion / Outages (Last Five Years)

Regulatory Fines / Investigations (Last Five Years)

Are there known circumstances likely to lead to a claim?

Remedial Actions Taken (Post-Incident)

CURRENT CYBER POLICY & EXTRA QUESTIONS

Do you currently hold a Cyber Insurance Policy?

Do you currently hold a Cyber Insurance Policy?

DECLARATION, NOTICES & PRIVACY STATEMENT

Duty of Disclosure

Under the Insurance Contracts Act 1984 (Cth), you must disclose all relevant matters that a prudent insurer would want to know.

Privacy & Consent

We collect, store and use your data in accordance with the Privacy Act 1988 and our Privacy Policy. By submitting this form, you agree to these terms and confirm that you have obtained consent to share details of other individuals if applicable.
Cyber Threat Insure needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.

Declaration

I/We declare that all information provided is true, accurate, and complete. I/We understand that this form will form part of any policy issued. I/We undertake to notify of any changes before policy commencement.
Declaration

Signature

Signature

First Name

Last Name

Email

Job Title

Date Signed