Insurance Brokers, Inc.
Our Address
750 Terrado Plaza, Suite 238 Covina, CA 91723
lillian@bakerromero.com
(626) 332-2258
Every day 9:00am - 6:00pm
Cyber Security Application
General Information
Name of Organization
(Required)
Contact
(Required)
Mailing Address
(Required)
Contact Telephone
(Required)
Type of Business
Corporation
Limited Liability
Partnership/Joint Venture
Other
Please describe
Total Annual Revenue
Website Address
Annual revenue generated from/attributable to activities conducted through website
Coverages Requested
Please select limit of insurance requested
Policy Effective Date
MM/DD/YYYY
Overall Aggregate
Web Site Publishing Liability
Programming Errors and Omissions Liability
Replacement or Restoration of Electronic Data
Extortion Threats
Business Income Threats
Public Relations Expense
General Underwriting Questions
Do you collect and/or store any of the following types of electronic data of third parties (e.g. customers or business partners, etc)? Check all that apply.
Name, address, and phone numbers
Intellectual property assets
Unpublished financial statements
Unpublished strategic plans
Bank account details
Credit, debit, or charge card
Medical records
Employee HR/Payroll information
Social security number
Money, securities, or both
Driver’s License information
Sensitive production data
Estimated number of customer data records that you keep electronically:
Is the customer data encrypted?
No
Yes
Are you subject to the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH)?
No
Yes
Are you in compliance?
No
Yes
Employment Practices
Do you publish and distribute information technology and privacy policies to all employees?
No
Yes
Do you provide training to your employees on information security awareness?
No
Yes
Do you conduct any of the following screenings on new employees?
Drug
Criminal
Credit
check all that apply
Risk Controls
Do you have a firewall?
No
Yes
How often do you review the rules within the firewall?
When was the last time a rule was removed/deactivated?
Are your IT department or outsourced third-party vendors/providers required to adhere to a software update process, including software patches and anti-virus software definition upgrades?
No
Yes
Do you perform virus scans of emails, downloads, and portable devices?
No
Yes
Do you restrict access to sensitive client, customer, employee, or other third party information?
No
Yes
Do you have a process for managing user accounts, including the timely revocation of access for terminated employees and the removal of outdated accounts?
No
Yes
Are there physical security controls in place to restrict access to your computer systems and sensitive paper records?
No
Yes
Do you have role-based controls, or other procedures that address user access to critical and sensitive computer systems, applications, or records?
No
Yes
Do you have a written business continuity/disaster recovery plan that includes procedures to be followed in the event of a disruptive computer or network incident?
No
Yes
Do you have a designated individual or group responsible for information security and compliance operations?
No
Yes
Check all that apply
Risk Management Department
Chief Information Officer/ Chief Information Security Officer
Other
Specify
Is all sensitive customer, client, and employee data:
Encrypted at rest?
No
Yes
Encrypted in transit?
No
Yes
Accessible via mobile devices, laptops or other storage media?
No
Yes
Are the mobile devices or other storage media encrypted?
No
Yes
How long would it take to restore your operations after a computer attack or other loss / corruption of data?
0-12 Hours
12-24 Hours
24 Hours
Are mission-critical transactions and security logs reviewed periodically for suspicious activity?
No
Yes
How frequently
Have you undergone an information security or privacy compliance evaluation?
No
Yes
Who performed the evaluation?
What date was the evaluation performed?
What type of evaluation was performed?
Were all recommendations implemented and deficiencies corrected?
No
Yes
Please explain
Do you outsource critical components of your network/computer system or internet access/presence to others?
No
Yes
Do you have a program in place to periodically test your data security controls?
No
Yes
Do you have written contracts in place to enforce your information security policy and procedures with third party service providers?
No
Yes
Do those contracts contain hold harmless or indemnification clauses in your favor?
No
Yes
Do you audit all vendors and service providers who handle or access your data and require them to have adequate security protocols?
No
Yes
Do you have a document destruction and retention policy?
No
Yes
Do you monitor your network in real time to detect possible intrusions or abnormalities in the performance of the system?
No
Yes
Loss Experience
During the past three (3) years, whether insured or not, have you sustained any losses due to unauthorized access, unauthorized use, virus, denial of service attack, electronic media liability, data breach, data theft, fraud, sabotage or other similar electronic security events?
No
Yes
Within the past three (3) years, have you experienced any network-related business interruption exceeding eight (8) hours other than planned maintenance of your computer system(s)?
No
Yes
During the last three (3) years, has anyone alleged that you were responsible for damage to their computer system(s) arising out of the operation of your computer system(s)?
No
Yes
During the last three (3) years, have you been the subject of an investigation or action by a regulatory or administrative agency for privacy-related violations?
No
Yes
During the last three (3) years, have you received a complaint or other proceeding (including an injunction or other request for non-monetary relief) arising out of intellectual property infringement, copyright infringement, media content, or advertising material?
No
Yes
During the last three (3) years, has anyone made a demand, claim, complaint, or filed a lawsuit against you alleging invasion of or interference with rights of privacy or the inappropriate disclosure of Personally Identifiable Information (PII)?
No
Yes
Privacy Controls
Are you in compliance with the following:
PCI DSS (Payment Card Industry Data Security Standard)
GLBA (Gramm-Leach-Bliley Act)
HIPAA (Health Insurance Portability and Accountability Act)
Check all that apply
Do you restrict employee access to customer files and Personally Identifiable Information (PII) of employees to those with a business need-to-know basis?
No
Yes
Please explain
Does your hiring process include the following for all employees and independent contractors?
Drug Testing
Criminal Background Checks
Education Background
Work history checks
Credit history checks
Other
check all that apply
Please specify
Do you allow employees to download the Personally Identifiable Information (PII) of customers or confidential information in your care belonging to third parties onto laptop computers or other storage media?
No
Yes
Is information required to be encrypted when it is stored onto the laptop or other storage media?
No
Yes
Do you have a current computer network and information security policy that applies to employees, independent contractors, and third-party vendors?
No
Yes
Is the information published within the company?
No
Yes
corporate intranet, employee handbook, etc.
Are all employees periodically instructed on their specific job responsibilities with respect to information security, such as the proper reporting of suspected security incidents?
No
Yes
Do you require the transmission of personal customer information such as credit card numbers, contact information, etc., as part of your internet-based web services?
No
Yes
Media Liability Controls
Do you have a process to review content or materials (including meta tags) before they are published, broadcast, distributed, or displayed on your website for the following:
Defamation (Slander/Libel)
No
Yes
Right to privacy or publicity
No
Yes
Copyright, trademark or domain name
No
Yes
Are any of the following types of content disseminated on your website?
Adult
Entertainment/Games
Gambling
Medical
Software for downloading