Request A Quote | Cyber Insurance

Business Details

Policyholder / Business Name (Required)
Business Activity, Industry or Profession (Required)
Australian Business No. (ABN) (Required)
Address (Required): Street Address, Address Line 2, City, State, Post Code, Country
Trading Names/Affiliates (Required)
Websites

Are you exempt from stamp duty? (Required)
   Yes | No

Please provide your estimated Revenue for the coming 12 month period by region, and indicate in which territories you are located.

Are you located in Australia/NZ? (Required)
   Yes | No
Revenue in Australia/NZ

Are you located in EU/UK? (Required)
   Yes | No
Revenue in EU/UK

Are you located in USA? (Required)
   Yes | No
Revenue in USA

Are you located in the Rest of the World? (Required)
   Yes | No
Revenue in Rest of the World

Total Revenue

Revenue

1. Estimated annual total number of transactions and records (Required)
   Combined number of client/customer records and total number of credit card transactions.
   0 - 10,000 | 10,001 - 25,000 | 25,001 - 50,000 | 50,001 - 75,000 | 75,001 - 100,000

2. Do you comply with your relevant PCI DSS obligations? (Required)
   Yes | No | Don't know | N/A - We are not subject to PCI DSS

3. What percentage of your Total Revenue is from online or e-commerce activities? (Required)
   Please enter a number from 0 to 100.

4. Number of full time employees (Required)
   1 - 10 | 11 - 20 | 21 - 30 | 31 - 50 | 51 - 100

5. Do you have a Notifiable Data Breach plan in place and otherwise comply with The Privacy Act 1988? (Required)
   Yes | No | Don't Know | N/A - We are not subject to the Privacy Act

6. Do you have a Data Protection/Privacy policy? (Required)
   Yes | No | Don't know | N/A - We are not subject to the Privacy Act

7. Do you have firewalls protecting your own and customer/client data? (Required)
   Yes | No | Don't know

8. Do you protect all Personally Identifiable Information and other sensitive data through Encryption? (Required)
   - Yes, info encrypted at rest on our network, in transit and when backed-up
   - Yes, info encrypted in transit and when backed up but not when at rest on our network
   - Yes, info encrypted but ONLY in specific limited scenarios
   - No, info not encrypted whatsoever

9. Do you outsource the handling of any Personally Identifiable Information? (Required)
   Yes | No | Don't know

10. Do you use up-to-date antivirus/spyware and malware software? (Required)
   - Yes, updated daily or automatically upon release
   - Yes, updated on a weekly to monthly basis
   - No
   - Don't know

11. Are all mission/business critical systems and data information assets backed up and stored at another location? (Required)
   - Yes, backed up daily
   - Yes, backed up weekly or less frequently
   - No
   - Don't know

12. Has an independent party completed an audit of your system/data security? (Required)
   Yes | No | Don't know

13. If your IT network failed, which of the following would best describe the impact to your operations and revenues? (Required)
   - Inconvenience, very minimal revenue impact and operations could continue temporarily
   - Revenues would NOT be impacted immediately, and only slightly when impacted
   - Revenues would NOT be impacted immediately, but significantly when impacted
   - Revenues would be impacted immediately but only slightly
   - Revenues would be impacted immediately and significantly
   - Operations and revenues would be entirely interrupted

14. Do you have written data security policies and procedures communicated to all employees, and do employees receive annual security awareness training? (Required)
   - Yes, both written policies plus annual security awareness training
   - Written policies but no employee security awareness training
   - Employee security awareness training but no written security policies
   - No
   - Don't know

15. Are you aware of any claims, circumstances, privacy breaches, viruses, DoS / DDoS, or hacking incidents which have impacted, or could adversely impact your business? (Required)
   Yes | No
   If yes, please provide details including costs incurred and any remedial action taken

Is your Estimated Revenue >$25m? (Required)
   Yes | No

For Businesses with an Estimated Revenue of Over $25m

1. Describe the type of information in records held by you: (Required)
   Tick all that apply
   - Customer info (e.g., Name, Address, E-Mail Address, Phone, etc.)
   - Credit card details
   - Personal Identity info (e.g., Drivers License, TFN, Passport #, Gov’t ID)
   - Confidential 3rd party trade secrets or IP (Intellectual Property)
   - Banking or Financial details
   - Medical or Healthcare data

2. Do you have a dedicated person responsible for your IT infrastructure, data security and privacy? (Required)
   - Yes, full time IT Manager, Chief Information Security Officer (CISO) or similar
   - Outsourced - IT contractor provides a full time dedicated person
   - No, responsibility is shared amongst Legal, HR and other departments
   - No
   - I don't know

3. Do you have a Disaster Recovery Plan (DRP) and/or Business Continuity Plan (BCP) in place and has this been tested in the last 18 months? (Required)
   - Yes, current and tested
   - Yes, but not tested in the past 18 months
   - Yes, but not ever tested
   - No

4. Does your network include contingency / redundancy / resilience of any description, to mitigate system interruptions or failures (such as mirrored infrastructure, failover mechanisms, warm or hot replicated sites or similar)? (Required)
   - Yes, multiple aspects
   - Yes, but just one aspect
   - No

5. Do you control / limit / monitor your employees’ ability to remove data or information from your network / office (examples include USB drive security)? (Required)
   - Yes, for data and physical information
   - Yes, for physical information only
   - Yes, for data only
   - No

6. Does your website use Web Apps? (Required)
   Yes | No | I don't know | N/A - we do not have a website

7. Do you use monitored Intrusion Detection or Intrusion Prevention Systems (IDS/IPS)? (Required)
   Yes | No | I don't know

9. Have you had any unforeseen down time to your website or IT network of more than 12 hours? (Required)
   Yes | No
   If yes, please provide details

7. Do you use monitored Intrusion Detection or Intrusion Prevention Systems (IDS/IPS)? (Required)
   Yes | No
   If yes, please provide details

E-MAIL, RDP, O365

1. Do you authenticate inbound email? (Required)
   If Yes, indicate how. If no, tick No.
   DMARC | DKIM | SPF | No | I don't know

2. Do you scan and filter inbound emails for malicious content (e.g., executable files)? (Required)
   Yes | No | I don't know

3. Does all remote access to your network and corporate email require multifactor authentication (MFA)? (Required)
   Yes | No | I don't know

4. Do you train end users against phishing and social engineering threats via ongoing campaigns and assessments? (Required)
   Yes, Annually | Yes, Quarterly | Yes, Monthly | No | I don't know

5. Have you disabled remote desktop protocol (RDP)? (Required)
   Yes | No | I don't know
   If No, have you implemented any of the following:
   VPN | MFA | RDP Honeypots | None of these

6. Do you use O365 or Microsoft 365 in your organisation? (Required)
   Yes | No | I don't know
   Indicate if any of the following have been implemented:
   MFA | Macros disabled by default | ATP
   Which product do you use for email monitoring (e.g. Proofpoint):

Backups

7. Do you take regular backups of critical data? (Required)
   Yes | No | I don't know
   If Yes, how frequently?
   Daily | Weekly | Monthly | Other

8. Do you keep a copy of critical backups offline, segregated from and inaccessible to your network? (Required)
   Yes | No | I don't know

9. Where do you store backups?
   Cloud | Offline | At a Secondary Data Centre | In a separate network segment

10. Which of the following have been implemented to secure the backup environment?
   Encryption | Segmentation | Vaulted Credentials | MFA | None of these

11. Do you use any commercial backup solutions (e.g. Commvault)? (Required)
   Yes | No | I don't know
   If Yes, Which product(s) do you use:
   I don't know | Other

12. Does your backup strategy include the use of immutable technologies? (Required)
   Yes | No | I don't know

13. Is the integrity of these backups and your recovery plans regularly tested? (Required)
   Yes | No | I don't know

Perimeter defence & privileges

14. Do you use an endpoint protection product (EPP)? (Required)
   Yes | No | I don't know
   If Yes, Which product(s):
   I don't know | Other

15. Have you deployed an endpoint detection and response (EDR) tool that covers 100% of Servers and Endpoints? (Required)
   Yes - Servers | Yes - Endpoints | No | I don't know
   If the EDR tool offers AI/automated rules-based enforcement, has this been enabled?
   Yes | No | I don't know | N/A
   If Yes, Which product(s):
   I don't know | Other

16. Do you operate a SIEM monitored 24/7/365 by an internal SOC or MSSP? (Required)
   Yes | No | I don't know

17. Do you enforce a BYOD (Bring Your Own Device) policy that ensures critical data is encrypted when transferred to portable media devices (USBs, Laptops etc)? (Required)
   Yes | No | I don't know

18. Do you allow local administrator rights on workstations? (Required)
   Yes | No | I don't know

19. Do administrative/privileged accounts utilise a privilege access management (PAM) tool (e.g. CyberArk)? (Required)
   Yes | No | I don't know
   If Yes, which product do you use?
   I don't know | Other

Incident response plan

20. Does your incident response plan (IRP) specifically address ransomware scenarios? (Required)
   Yes | No | I don't know | We don't have an IRP
   Please detail below along with mitigating comments:

Please outline any additional controls your organisation has in place to mitigate the (e.g. tagging of external emails, use of unique credentials, vulnerability scanning, etc.):

Cyber Event Protection Optional Covers

Contingent Business Interruption

1. Do you want Optional Cover for Contingent providers and supplies. (Required)
   Yes | No

2. Tell us about your critical components, service providers and supplies. (Required)
   - All critical components, services and supplies are readily available from multiple sources
   - Substitutes can be available within 10 days
   - Longer than 10 days for substitutes to be available
   - I don't know
   - Substituting components, services or supplies is not possible

Criminal Financial Loss

1. Do you want Optional Cover for Criminal Financial Loss? (Required)
   Includes Cyber Theft, Telephone Phreaking, Identity-based Theft and Cryptojacking. Does not include Socially Engineered Theft unless selected below.
   Yes | No

2. Aggregate Limit for Criminal Financial Loss
   $10,000 | $25,000 | $50,000 | $75,000 | $100,000

3. Do you want to include cover for Socially Engineered Theft? (Required)
   Yes | No

4. Sublimit for Socially Engineered Theft
   The sublimit for Socially Engineered Theft cannot be greater than the aggregate limit for Criminal Financial Loss.
   $5,000 | $10,000 | $15,000 | $20,000 | $25,000

5. Do you require passwords to be changed regularly (at least quarterly)? (Required)
   Yes | No | Don't know

6. Do you allow remote access to your internal network? (Required)
   Yes | Yes, with dual authentication | No | Don't know

7. Are all new payees, and changes to existing payees’ banking details, double authenticated with the payee? (Required)
   Yes | No | Don't know

8. Do transfers > $10,000 require dual signature or supervisor / manager sign off? (Required)
   Yes | No | Don't know

9. Are you entrusted with or in control of funds from a 3rd party, or do you provide any of the following services for others? (Required)
   Tick all that apply
   - Collection or payment processing
   - Asset, investment or trust management services
   - Cash management or other treasury functions
   - Other office functions
   - No
   If ‘Other’, please provide details

11. Have you ever suffered a Crime, Fidelity or Computer Crime loss? (Required)
   Yes | No
   If yes, please provide details

Tangible Property

1. Do you want Optional Cover for Tangible Property?
   Yes | No

2. Aggregate Limit for Tangible Property
   $5,000 | $10,000 | $15,000 | $25,000 | $50,000

Joint Venture and Consortium Cover

1. Do you want Optional Cover for your liability from Joint Ventures or Consortia? If Yes, provide the name(s) of the Joint Venture or Consortium. (Required)
   Yes | No
   NOTE: You must also include your share of revenue from the JV or consortium for the coming 12 months in your Estimated Total Revenue.

Please specify your preferred excess, indemnity period and aggregate limit

Excess (Required)
   $250 | $1,000 | $2,500 | $5,000 | $10,000

Section A Indemnity Period (Required)
   30 days | 60 days | 90 days | 180 days | 365 days

Policy Aggregate Limit (Required)
   $250,000 | $500,000 | $1,000,000 | $2,000,000 | $3,000,000 | $4,000,000 | $5,000,000 | $10,000,000 | Other

Other Insurance Requirements

Are you interested in any other types of Business Insurance?
   - Business Insurance
   - Multimedia & Entertainment Liability
   - Cancellation and Abandonment
   - Compulsory Third Party (CTP Green Slip)
   - Construction
   - Aviation
   - Contaminated Products Liability
   - Expatriate Medical Expenses
   - Group Personal Accident
   - Commercial Motor Vehicle
   - Commercial Strata
   - Corporate Travel
   - Environmental Impairment Liability
   - Workers Compensation
   - Farm Insurance
   - Fine Art
   - Machinery Breakdown
   - Legal Expenses
   - IT Liability & Multimedia
   - Marine Transit
   - Marine Hull, Protection & Indemnity
   - Management Liability
   - Trade Credit
   - Medical Malpractice

Are you interested in any other types of Personal Insurance?
   - Boat Insurance
   - Car Insurance
   - Caravan Insurance
   - Residential Strata Insurance
   - Home & Contents Insurance
   - Landlord Insurance
   - Leisure Travel Insurance
   - Pet Insurance

How did you hear about us?
   Google Search | Social Media | Referral | Existing Customer | Other
Referred by
Any other comments

Important Information

It is important that you read and understand the following.

Claims made notice

Before you enter into an insurance contract, you have a duty to tell us anything that you know, or could reasonably be expected to know, may affect our decision to insure you and on what terms. You have this duty until we agree to insure you. You have the same duty before you renew, extend, vary, continue under similar insurance or reinstate an insurance policy.

You do not need to tell us anything that:
– reduces the risk we insure you for; or
– is common knowledge; or
– we know or should know as an insurer; or
– we waive your duty to tell us about.

If you do not tell us anything you are required to, we may cancel your policy or reduce the amount we will pay you if you make a claim, or both. If your failure to tell us is fraudulent, we may refuse to pay a claim and treat the policy as if it never existed.

I/we acknowledge that:
1. I/We have read and understood the important information provided on the last page of this document in the Important Information section.
2. I/We are authorised by all those seeking insurance to make this Proposal, and declare all information on this Proposal and any attachment is true and correct.
3. I/We authorise the underwriter to give to, or obtain from, other insurers or any credit reference service, any information relating to insurance held by me/us or any claim in relation thereto.
4. I/We acknowledge that, where answers provided in the proposal are not in my/our handwriting, I/We have checked and certify that the answers are true and correct.

Consent (Required)
   I agree to the privacy policy.
Signature
Date (DD/MM/YYYY)