|Preferred Method of Contact:|
|Do you currently have cyber insurance?:|
|Has cyber insurance ever been denied or canceled:|
All active domains are required to complete scans of public databases.
|Within the last 3 years has company suffered a cyber incident resulting in a claim or loss in excess of $25,000:|
|Is company aware of any circumstances that could give rise to a claim under this type of insurance policy:|
|Does company accept credit cards or collect Personally Identifiable Information (PII) or Protected or Personal Health Information (PHI) from its customers?:|
|If you collect PII or PHI, how many payment card numbers (credit cards, debit cards, etc.) does company store, process, transmit, or have access to:|
We are looking for the actual number of individual credit cards processed annually or stored in your files, not the $ amount of transactions.
|How many customer PII* or PHI** records does the company have:|
|Within the last 3 years has company been subject to any complaints concerning the content of its website, advertising materials, social media, or other publications:|
|Does company have procedures to remove content (including third party content) that is libelous, infringing, or otherwise controversial:|
|Does company have procedures to back up, archive, and restore sensitive data and critical business systems:|
|Does company require dual control when transferring funds in excess of $25,000:|
Examples of Dual Control procedures:
(1) Calling the recipient of the wire transfer to verify the transaction details.
(2) Verifying the transaction with another executive at the company (preferably in writing).
(3) Setting up internal controls within your financial institution. One administrator or user enters or creates a payment (ACH batch, wire transfer), and a second administrator or user is then required to review the payment and approve/release the transaction.