Cyber Risk Questionnaire
Business Name
Contact person
Business Email*
Phone
Year Business Established
Website
Industry
Number of PII (Personally Identifying Information) Records
Annual Revenue (HKD)
No. of Employees
1. Do you configure and use a firewall to protect all of your devices, particularly those that connect to public or other untrusted Wi-Fi networks?
Yes
No
2. Have you installed, and do you regularly update, anti-malware software on all of your computers and laptops?
Yes
No
3. Do you change all default passwords on new devices and require regular mandatory password updates for all accounts?
Yes
No
4. Do you take regular (at least weekly) back-ups of your important data and store this data off-site/disconnected from your network?
Yes
No
5. Do you control access to your data through user accounts, and review who should have administrative access on a regular basis?
Yes
No
6. Do you have a process in place to regularly patch your systems and applications?
Yes
No
7. Do you have multi-factor authentication enabled for your IT administrators, emails, remote access and online banking facilities?
Yes
No
8. Do you have a written privacy policy that has been reviewed by a suitably qualified lawyer?
Yes
No
9. Do you have a disaster recovery/incident response plan in place that takes account of loss of functionality as a result of a hack?
Yes
No
10. Is there an individual in your organisation specifically assigned responsibility for information security (such as a CISO)?
Yes
No
11. Have you experienced a breach, suffered a loss or had a claim (whether successful or not) made against the business in the past three years?
Yes
No
Referral’s Name (if any)
Please read the declaration carefully.
Material information
In deciding whether to accept the insurance and in setting the terms and premium, we have relied on the information you have given us.
You must:
- Give a fair presentation of the risk to be insured by clearly disclosing all material facts and circumstances (whether or not subject to a specific question) which you, your senior management, and those responsible for arranging this insurance, know or ought to know following a reasonable search;
Take care by ensuring that all information provided is correct, accurate, and complete.
Declaration
I /we confirm that the information given in this proposal form is correct, accurate and complete and I have made a fair presentation of the risk.
Submit
