Essential Cyber Cover for your Business

Please answer in the form above whether these statements are true or false in relation to your business. If any of these are False, we will be in contact to ask for some further information. 

Our Business Type - our company is not:

• a healthcare provider or hold, store or process healthcare records for individuals (except own employees);
• an entity which has exposure to nuclear power;
• a call centre, telemarketing/direct marketing firm, data processing/outsourcing firm;
• an internet service provider or telecommunications service provider;
• a government entity, public body, council, local authority, political party or lobbying group;
• a firm regulated by the Financial Conduct Authority (excluding insurance brokers) or a payment processor or involved in cryptocurrency;
• an entity which holds, stores or processes personal data on minors or is an educational establishment;
• a social networking, pornography, blogging/vlogging, dating website, mobile application or video game developer;
• a franchisee or franchisor.

Our Data Privacy and Security - we ensure that:

• if we have employees, they are made aware of their and the company’s data privacy and information security responsibilities, and common risks and mitigations, when they first start;
• critical data is identified and appropriately secured, including through the encryption of all mobile devices, e.g. enabling in-built encryption on laptops and setting a PIN on phones;
• only staff and authorised visitors have access to premises and IT facilities;
• we comply with all privacy regulation and legislation, e.g. the EU General Data Protection Regulation and UK Data Protection Act 2018, and relevant industry requirements where applicable, e.g. PCI - DSS

Our Technical Security - we ensure that:

• access to information and IT is role-based and uses authentication with strong passwords, including guest Wi-Fi passwords;
• anti-virus protection and firewalls are deployed to all our IT systems;
• in-built email (e.g. MS365) and internet (e.g. Chrome browser) security features are switched on;
• changes to existing, and introduction of new, information systems are security assessed;
• all software and security features are kept regularly updated;
• security logging is in place across critical IT systems, e.g. to capture login activity to our finance system.

Our Ability to Respond and Recover - we ensure that:

• critical systems are regularly backed-up (e.g.to USB or external hard drive), and regularly tested for recoverability, and there is a documented and tested IT disaster recovery plan;
• we have a documented and tested incident response plan that includes business continuity plan.

Claims Warranty

• We have had no cyber or data breach claims, or events that would have been the subject of a claim under this policy had it been in force at the time, within the last 5 years.

This policy is suitable for businesses with a need for financial support and protection with regards to cybercrime, data breaches and online media incidents. This policy is provided on a non-advised information only basis.  Alan & Thomas has not made any recommendation to you as to the suitability of this insurance.  Please ensure the policy cover meets your requirements before purchasing.