Gordon Wood Insurance

Kelsey Wood • Principal Agent and Company President
kwood@gordonwoodinsurance.com • 541-672-4466

Please contact your wholesale broker to get a custom branded cyber application

Begin your Cyber application

Insured Details

* Indicates Required Input - Assumptions Applied To Questionnaire

Applicant Information

Is Franchise

Insured Contact Information

Dedicated Information Technology (IT) Contact

Are the insured details to be used as the dedicated IT contact?

Coverage Questions

1. Is the Applicant engaged in any of the following business activities? (select all that apply)

Records

2. Does the applicant collect, process, store, transmit, or have access to any Payment Card Information (PCI), Personally Identifiable Information (PII), or Protected Health Information (PHI) other than employees of the applicant?*

2a. How many PII or PHI records does the applicant collect, process, store, transmit, or have access to?

3. Does the applicant accept payment cards in exchange for goods or services rendered?

3a. What is the estimated annual volume of payment card transactions (credit cards, debit cards, etc.)?

Is the Applicant Payment Card Industry (PCI) compliant?

Is the Applicant's outsourced payment processor Payment Card Industry (PCI) compliant?

Security System and Controls

4. Do you implement any Multi-Factor Authentication (MFA)?

4a. Does the Applicant have multi-factor authentication (MFA) enabled on email access?

4b. Does the Applicant have multi-factor authentication (MFA) enabled for remote network access?

4c. If yes, does the Applicant require multi-factor authentication (MFA) for all privileged access to its network?

5. Does the Applicant encrypt all sensitive information at-rest?

6. Does the Applicant encrypt all external communications containing sensitive information?

7. Does the Applicant encrypt sensitive information stored in the cloud?

8. Does the Applicant deploy End Point Detection and Response on at least 95% of all endpoints?

9. Does the Applicant encrypt all private and sensitive information stored on mobile devices (e.g., laptops, USB drives, tablets, etc.)?

10. How often does the applicant apply updates to critical IT systems and applications, i.e., security patching? (Select all that apply)

11. Does the Applicant prohibit local administrator privileges for all users?

12. Does the Applicant prohibit end users from running administrative actions on endpoints?

13. Are external emails flagged?

14. Are macros automatically disabled?

15. Are executable attachments blocked?

16. Do agreements with third-party service providers require levels of security commensurate with the organization’s information security standard?

17. Does the Applicant enforce procedures to remove content (including third party content) that may infringe or violate any intellectual property or privacy right?

18. Do you use Microsoft 365?

18a. Do you use Microsoft 365 Windows Defender/Advanced Threat Protection add-on or a similar product?

18b. Do you use a Microsoft Exchange Server and have you installed the March 2021 Microsoft Exchange Server Security Update?

18c. Please check which similar product you are using:

19. If the Applicant uses multimedia material provided by others, does the applicant always obtain the necessary rights, licenses, releases and consents prior to publishing?

19. Does the applicant deploy either end-to-end or point-to-point encryption technology on all of their point of sale terminals?

Phishing

20. Does the Applicant have controls in place which require all fund and wire transfers over $25,000 to be authorized and verified by a secondary means of communication prior to execution?

21. Are phishing exercises utilized as part of the security awareness program?

22. Are all users required to complete security awareness training at least annually?

Backups and Recovery

23. Does the Applicant have procedures and tools in place to back up, archive, and restore sensitive data from critical systems?

23a. How frequently are Applicant’s systems backed up?

23b. Does the Applicant utilize a cloud or local backup system?

23c. If local backup is utilized, is the backup stored offline or air gapped?

24. Does the Applicant test its data recovery and restoration procedures?

Claim, Breaches and Interruptions

25. In the last three (3) years, has the Applicant experienced in excess of $10,000, or $25,000 for any Cyber Event, Loss, or been the subject of any Claim made for a Wrongful Act that would fall within the scope of the Policy for which the Applicant is applying?

25a. Wrongful Act Amount

25b. Years since last claim

26. Is the Applicant aware of any fact, circumstance, situation, event or Wrongful Act which reasonably could give rise to a Cyber Event, Loss, or Claim being made against them that would fall within the scope of the Policy for which the Applicant is applying?

27. Has the Applicant or any other organization proposed for this insurance sustained any unscheduled network outage or interruption lasting longer than six hours within the past twenty-four months?

28. Does the Applicant or any other person or organization proposed for this insurance have knowledge of any security breach, privacy breach, privacy-related event or incident or allegations of breach of privacy that may give rise to a claim?

Statements about your business

1. As the individual completing this transaction, you are authorized to purchase and bind this insurance on behalf of the entity applying for coverage.

2. Your business is not controlled or owned by any other firm, corporation, or entity.

3. For the entire period of time that you have owned and controlled the business, you have not sold, purchased, or acquired, discontinued, merged into or consolidated with another business.

4. Your business has never had any commercial insurance cancelled or rescinded.

Claims and Loss History

Based upon your knowledge and the knowledge of your business’s current and past partners, officers, directors, and employees, during the last five years a third party has never made a claim against your business, and you do not know of any reason why someone may make a claim.

Professional Liability

The limits of liability represent the total amount available to pay judgments, settlements, and claim expenses (e.g., attorney's fees) incurred in the defense of any claims. We are not liable for any amounts that exceed these limits. If coverage is provided, it shall apply only to occurrences that take place during the policy period.

It is a crime to knowingly and intentionally attempt to defraud an insurance company by providing false or misleading information or concealing material information during the application process or when filing a claim. Such conduct could result in your policy being voided and subject to criminal and civil penalties.

Carriers
Breach Cost Calculator

The direct costs of a breach stem from fines and lawsuits regarding the mishandling of data and from the cost of the investigation and remediation that follow the breach. When calculating the cost of a data breach, you need to take into account damages of all types: social media, negative public sentiment and damaged reputation, all of which can surpass the cost of the actual crime itself.

Ransomware Solutions

A type of malicious software designed to block access to a computer system until a sum of money is paid. It is a type of malware that prevents or limits users from accessing their systems by locking the system’s screen or locking the users’ files until a ransom is paid. Modern ransomware families, collectively categorized as crypto ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key. Crypto, bit, doge coin, thorium are common payment types.

Social Engineering

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. The term encompasses a broad spectrum of malicious activities. The most common attacks are phishing, pretexting, baiting, quid pro quo, or tailgating. This truly is a criminal’s art of manipulating people and companies so that they give up confidential information. These tactics are usually used in conjunction with attempts to hack your software.