Cyber Liability Assessment

Assessment Introduction


Welcome to the Cyber Liability IQRM!

As is evident from the daily news reports, cyber-related incidents are rapidly increasing, leaving businesses vulnerable to attack, and cyber risk has increased significantly with people working remotely. The IQRM for Cyber Liability is focused on assisting organizations in identifying privacy and security exposures and on recommending best practices to avoid potential breaches and mitigate the impact of a cyber incident.

Please click below to take a 20-statement survey to gain your organization’s IQRM Effectiveness Risk Audit Score for Cyber Liability.

Question 1

To what degree does your organization have a dedicated Information Security individual or team who is responsible for overall privacy and network security protection?

Question 2

To what extent does your organization have a breach incident response plan in place to determine proactively which breach services firms, PR firm, forensics investigator, etc. your organization would use after a data breach event?

Question 3

How would you rate your organization at backing up all valuable/sensitive data on a daily basis and testing/validating it periodically?

Question 4

To what degree does your organization perform regular software updates and patching procedures?

Question 5

To what extent is encryption in place for sensitive data, especially on portable devices?

Question 6

How would you gauge your organization’s ability to regularly conduct cyber security audits of your own systems as well as those of your third-party vendors?

Question 7

How effective is your organization at training and regularly testing your employees on recognizing and avoiding phishing, social engineering and email scams?

Question 8

To what degree has your organization established the number of unique personal information records (PII) that are stored on your network or that are stored by others on your behalf (i.e., third-party cloud providers)?

Question 9

To what extent does your organization limit employee access to sensitive data based upon their role in the company and their business need to access such data?

Question 10

How would you rate your organization at requiring training for employees on the appropriate business use of social media?

Question 11

How effective is your organization at retrieving key documents, data, and sensitive information from former vendors and contractors (who no longer work for you) and from exiting employees?

Question 12

To what degree is your organization in compliance with regulations regarding sensitive data that apply to your business including, but not limited to, HIPAA/HITECH?

Question 13

If your organization accepts payment cards, to what extent is it in compliance with applicable Payment Card Industry Data Security Standards (PCI/DSS)?

Question 14

To what degree does your organization ensure that contracts have strong hold-harmless agreements with third parties that manage, host, and access your data?

Question 15

How would you rate your organization at requiring all third parties that manage, host and access your data to have comprehensive professional liability (if applicable) and cyber liability insurance?

Question 16

To what degree does your organization carefully review the hold-harmless agreements and insurance requirements for contracts with third parties that grant you access to their data to ensure that they are balanced for both parties?

Question 17

How effective is your organization’s data destruction policy at removing PII from your systems when no longer needed?

Question 18

When acting upon a request to wire transfer funds to a third party, whether the request is from someone internally or externally, to what degree does your organization verify that the request is valid (either in person or by calling a known valid number)?

Question 19

If your organization currently has or is contemplating the purchase of a cyber policy, to what extent have you reviewed the coverages and exclusions to determine if you have procured the broadest terms available?

Question 20

If your organization currently has or is contemplating the purchase of a cyber policy, how effectively have you reviewed your insurance portfolio to determine if any overlapping coverages exist?
