LCP2–Cyber Insurance – Renewal and Ransomware - Application Form
Applicant Name:
Financial Information:
Last Complete Financial Year
Current Year (Estimate)
Next Year (Estimate)
Gross Annual Revenue
Annual Net Income before Taxes
Percentage of Gross Annual Revenue - Payment Card
Percentage of Gross Annual Revenue – Online
Cyber and Privacy Questions
1. Are all servers, firewalls, etc. located in a purpose-built server room with access restricted to appropriate personnel?
Yes
No
2. Do you have an email and internet usage policy that has been shared with all employees?
Yes
No
3. Do you have firewall architecture in place?
Yes
No
4. Do all system users have individual, mandatory and non-trivial user IDs and passwords with forced periodic password changes?
Yes
No
5. Are all PCs and servers protected with up-to-date anti-virus that is updated regularly?
Yes
No
Data Recovery & Business Interruption Questions
1. Do you have a disaster recovery plan that is tested at least annually?
Yes
No
2. What is the time taken in hours to fully restore critical systems?
< 6
6-12
6-12
>24
3. What is the time taken in hours to fully restore non-critical systems?
< 12
12-24
12-24
>36
4. Do you have a business continuity plan that is tested at least annually?
Yes
No
Data Volume Questions
1. What is the total number of Personal Identifiable Information records stored on your networks?
Whether it is encrypted:
Yes
No
2. What is the total number of Social Security Numbers stored on your networks?
Whether it is encrypted:
Yes
No
3. What is the total number of Personal Health Information records stored on your networks?
Whether it is encrypted:
Yes
No
4. How many payment card transactions do you process annually?
Whether it is encrypted:
Yes
No
5. What is the total number of Payment Card records stored on your networks?
Whether it is encrypted:
Yes
No
Email Protection Questions
1. Do you pre-screen e-mails for potentially malicious attachments and links?
Yes
No
2. Do you provide a quarantine service to your users?
Yes
No
3. Do you have sandbox capabilities to automatically evaluate attachments?
Yes
No
4. Do you strictly enforce Sender Policy Framework (SPF) on incoming e-mails?
Yes
No
5. How often is phishing training conducted for all staff?
6. Can users access email through a web-app on a non-corporate device?
Yes
No
6a. If Yes to 6 above, do you enforce Multi-Factor Authentication (MFA)?
Yes
No
7. Do you use Office 365 in your organization?
Yes
No
7a. If Yes to 7 above, do you use Office 365 Advanced Threat Protection?
Yes
No
Data Backup & Recovery Questions
1. Are your backups encrypted?
Yes
No
2. Do you use a cloud syncing service for backups (e.g. Dropbox, OneDrive, SharePoint, Google, etc.)?
Yes
No
3. Within the last six months have you undertaken restoration and recovery testing of key server configurations and data?
Yes
No
4. Do you test the integrity of backups prior to restoration to ensure the backups are free from malware?
Yes
No
Internal System Security Questions
1. Do you use endpoint protection (EPP) across your networks?
Yes
No
2. Do you use endpoint detection and response across your networks?
Yes
No
3. Do you use MFA to protect privileged user accounts?
Yes
No
4. Have you implemented a hardened baseline configuration across servers, laptops, desktops and managed mobile devices?
Yes
No
5. What % of your networks are covered by your scheduled vulnerability scans?
6. Within what timeframe do you install critical and high severity patches?
7. Do you segregate end-of-life or out-of-support hardware and systems?
Yes
No
8. Do any of your users have local admin rights?
Yes
No
9. Do you provide your users with password manager software?
Yes
No
10. Have you established a Security Operations Centre (SOC)?
Yes
No
Please describe any additional steps your organization takes to detect and prevent ransomware attacks (e.g. segmentation of your network, additional software tools, external security services, etc.)
Name
First Name
Last Name
Signature
Position:
Date