"*" indicates required fields Step 1 of 6 16% Use this proposal if your estimated total revenue for the coming 12 months is $75m or less. Segregation of Operations Your Details Name* First Last Contact Number*Email* Address* Street Address Suburb State Postal Code Policyholder/Business Name* Business Activity, Industry or Profession* Australian Business No. (ABN)* Policyholder’s Principal Address* Street Address Suburb State Postal Code Trading Names* Add RemoveWebsites Add Remove Segregation of Operations Please provide your estimated Revenue for the coming 12 month period by region, and indicate in which territories you are located. Are you located in Australia/NZ?*SelectYesNoRevenue in Australia/NZ ($)* Are you located in EU/UK*SelectYesNoRevenue in EU/UK ($)* Are you located in the USA?*SelectYesNoRevenue in the USA ($)* Are you located in the Rest of World?*SelectYesNoRevenue in the Rest of World ($)* Total Revenue ($)* Estimated annual total number of transactions*Select0 - 10,00010,001 - 25,00025,001 - 50,00050,001 - 75,00075,001 - 100,000100,001 - 200,000200,001 - 300,000300,001 - 400,000400,001 - 500,000Combined number of client/customer records*Select500,001 - 750,000750,001 - 1,000,0001,000,001 - 1,500,0001,500,001 - 2,000,0002,000,001 - 2,500,0002,500,001 - 5,000,000More than 5,000,000Please provide the total number* Do you comply with your relevant PCI DSS obligations?*SelectYesNoDon't KnowN/A - We are not subject to PCI DSSWhat percentage of your Total Revenue is from online or e-commerce activities?* Number of full time employees*Select1 - 1011 - 2021 - 3031 - 5051 - 100101 - 200More than 200Please provide the total number* Do you have a Notifiable Data Breach plan in place and otherwise comply with The Privacy Act 1988?*SelectYesNoDon't KnowN/A - We are not subject to the Privacy ActDo you have a Data Protection/Privacy policy?*SelectYesNoDon't KnowDo you have firewalls protecting your own and customer/client data?*SelectYesNoDon't KnowDo you protect all Personally Identifiable Information and other sensitive data through Encryption?*SelectYes, info encrypted at rest on our network, in transit and when backed-upYes, info encrypted in transit and when backed up but not when at rest on our networkYes, info encrypted but ONLY in specific limited scenariosNo, info not encrypted whatsoeverDo you outsource the handling of any Personally Indentifiable Information?*SelectYesNoDon't KnowDo you use up-to date antivirus/spyware and malware software?*SelectYes, updated daily or automatically upon releaseYes, updated on a weekly to monthly basisNoDon't KnowAre all mission/business critical systems and data information assets backed up and stored at another location?*SelectYes, backed up dailyYes, backed up weekly or less frequentlyNoDon't KnowHas an independent party completed an audit of your system/data security?*SelectYesNoDon't KnowIf your IT network failed, which of the following would best describe the impact to your operations and revenues?*SelectInconvenience, very minimal revenue impact and operations could continue temporarilyRevenues would NOT be impacted immediately, and only slightly when impactedRevenues would NOT be impacted immediately, but significantly when impactedRevenues would be impacted immediately but only slightlyRevenues would be impacted immediately and significantlyOperations and revenues would be entirely interruptedDo you have written data security policies and procedures communicated to all employees, and do employees receive annual security awareness training?*SelectYes, both written policies plus annual security awareness trainingWritten policies but no employee security awareness trainingEmployee security awareness training but no written security policiesNoDon’t KnowAre you aware of any claims, circumstances, privacy breaches, viruses, DoS / DDoS, or hacking incidents which have impacted, or could adversely impact your business?*SelectYesNoPlease provide details including costs incurred and any remedial action taken* Is your Estimated Revenue Is >$25m*SelectYesNoDescribe the type of information in records held by you: Select all that apply* Customer info (e.g., Name, Address, E-Mail Address, Phone, etc.) Credit card details Personal Identity info (e.g., Drivers License, TFN, Passport #, Gov’t ID) Confidential 3rd party trade secrets or IP (Intellectual Property) Banking or Financial details Medical or Healthcare data Do you have a dedicated person responsible for your IT infrastructure, data security and privacy?*SelectYes, full time IT Manager, Chief Information Security Officer (CISO) or similarOutsourced - IT contractor provides a full time dedicated personNo, responsibility is shared amongst Legal, HR and other departmentsNoDon’t knowDo you have a Disaster Recovery Plan (DRP) and/or Business Continuity Plan (BCP) in place and has this been tested in the last 18 months?*SelectYes, current and testedYes, but not tested in the past 18 monthsYes, but not ever testedNoDoes your network include contingency / redundancy / resilience of any description, to mitigate system interruptions or failures (such as mirrored infrastructure, failover mechanisms, warm or hot replicated sites or similar)?*SelectYes, multiple aspectsYes, but just one aspectNoDo you control / limit / monitor your employees’ ability to remove data or information from your network / office (examples include USB drive security)?*SelectYes, for data and physical informationYes, for data onlyYes, for physical information onlyNoDoes your website use Web Apps?*SelectYesNoDon’t KnowN/A - we do not have a websiteDo you use monitored Intrusion Detection or Intrusion Prevention Systems (IDS/IPS)?*SelectYesNoDon’t KnowAre you aware of any evidence of network intrusion or vulnerabilities highlighted in an IT Security audit or Penetration test which have not yet been resolved?*SelectYesNoPlease provide details* Have you had any unforeseen down time to your website or IT network of more than 12 hours?*SelectYesNoPlease provide details* Segregation of Operations Cyber Event Protection Optional Covers OPTIONAL COVER - Contingent Business InterruptionDo you want Optional Cover for Contingent Business Interruption?*SelectYesNoTell us about your critical components, service providers and supplies.SelectAll critical components, services and supplies are readily available from multiple sourcesSubstitutes can be available within 10 daysLonger than 10 days for substitutes to be availableSubstituting components, services or supplies is not possibleOPTIONAL COVER - Criminal Financial LossDo you want Optional Cover for Criminal Financial Loss?*SelectYesNoIncludes Cyber Theft, Telephone Phreaking, Identity-based Theft and Cryptojacking. Does not include Socially Engineered Theft unless selected specifically.Aggregate Limit for Criminal Financial Loss*Select$10,000$25,000$50,000$75,000$100,000$150,000$250,000OtherPlease specify the value* Do you want to include cover for Socially Engineered Theft?SelectYesNoSublimit for Socially Engineered TheftSelect$5,000$10,000$15,000$20,000$30,000$50,000$75,000$100,000$125,000$150,000$200,000$250,000The sublimit for Socially Engineered Theft cannot be greater than the aggregate limit for Criminal Financial Loss.Do you require passwords to be changed regularly (at least quarterly)?SelectYesNoDon’t KnowDo you allow remote access to your internal network?SelectYesYes, with dual authenticationNoDon’t knowAre all new payees, and changes to existing payees’ banking details, double authenticated with the payee?SelectYesNoDon’t knowDo transfers > $10,000 require dual signature or supervisor / manager sign off?SelectYesNoDon’t knowAre you entrusted with or in control of funds from a 3rd party, or do you provide any of the following services for others? Tick all that apply Collection or payment processing? Asset, investment or trust management services? Cash management or other treasury functions? Other office functions? Please provide details Have you ever been declined for Crime, Fidelity or Computer Crime insurance, or had such insurance cancelled?SelectYesNoN/A - have never had such insurancePlease provide details Have you ever suffered a Crime, Fidelity or Computer Crime loss?SelectYesNoPlease provide details OPTIONAL COVER - Tangible PropertyDo you want Optional Cover for Tangible Property?*SelectYesNoAggregate Limit for Tangible Property*Select$5,000$10,000$15,000$25,000$50,000OtherPlease specify the amount* OPTIONAL COVER - Joint Venture and Consortium CoverDo you want Optional Cover for your liability from Joint Ventures or Consortia?*SelectYesNoName(s) of the Joint Venture or Consortium Your share of revenue from the JV or consortium for the coming 12 months in your Estimated Total Revenue. Please specify your preferred Excess, Indemnity Period and Aggregate LimitExcess Limit*Select$250$1,000$2,500$5,000$10,000$15,000$25,000OtherPlease specify the limit* Section A Indemnity PeriodSelect30 days60 days90 days180 days365 daysPolicy Aggregate LimitSelect$250,000$500,000$1,000,000$2,000,000$3,000,000$4,000,000$5,000,000$10,000,000OtherPlease specify the limit Consent* I agreeClaims made notice Section B – loss to others of this policy is issued on a ‘claims made and notified’ basis. This means that Section B – loss to others responds to: a. claims first made against you during the policy period and notified to us during the policy period, provided that you were not aware at any time prior to the commencement of the policy of circumstances which would have put a reasonable person in your position on notice that a claim may be made against him/her; and: b. written notification of facts pursuant to Section 40(3) of the Insurance Contracts Act 1984 (Cth). Effectively, the facts that you may decide to notify are those which might give rise to a claim against you even if a claim has not yet been made against you. Such notification must be given as soon as reasonably practicable after you become aware of the facts and prior to the expiry of the policy period. If you give written notification of facts the policy will respond even though a claim arising from those facts is not made against you until after the policy has expired. When the policy period expires, no new notification of facts can be made to us on the expired policy for a cyber event first discovered or identified by you during the policy period. Your Duty of Disclosure Before you enter into an insurance contract, you have a duty to tell us anything that you know, or could reasonably be expected to know, may affect our decision to insure you and on what terms. You have this duty until we agree to insure you. You have the same duty before you renew, extend, vary, continue under similar insurance or reinstate an insurance policy. You do not need to tell us anything that: – reduces the risk we insure you for; or – is common knowledge; or – we know or should know as an insurer; or – we waive your duty to tell us about. If you do not tell us anything you are required to, we may cancel your policy or reduce the amount we will pay you if you make a claim, or both If your failure to tell us is fraudulent, we may refuse to pay a claim and treat the policy as if it never existed. About IMC Insurance Pty Ltd IMC Insurance Pty Ltd (ABN 73 063 511 740, AFSL 229344) (‘IMC) acts under a binding authority given to it by the insurer to administer and issue policies, alterations and renewals. In all aspects of arranging this policy, IMC acts as an agent for the insurer and not for you. Contact details are: Email: insure@imcinsurance.com.au Telephone: +61 3 9825 6333 Postal address: Level 1/251-253 Malvern Road, South Yarra VIC 3141 Privacy In this Privacy Notice the use of “we”, “our” or “us” means the insurer and IMC, unless specified otherwise. We are committed to protecting your privacy. We need to collect, use and disclose your personal information (which may include sensitive information) in order to consider your application for insurance and to provide the cover you have chosen, administer the insurance and assess any claim. You can choose not to provide us with some of the details or all of your personal information, but this may affect our ability to provide the cover, administer the insurance or assess a claim. The primary purpose for our collection and use of your personal information is to enable us to provide insurance services to you. Personal information will be obtained from individuals directly where possible and practicable to do so. Sometimes it may be collected indirectly (e.g. from your insurance intermediary or co- insureds). If you provide personal information for another person you represent to us that: – you have the authority from them to do so and it is as if they provided it to us; – you have made them aware that you will or may provide their personal information to us, the types of third parties we may provide it to, the relevant purposes we and the third parties we disclose it to will use it for, and how they can access it. If it is sensitive information we rely on you to have obtained their consent on these matters. If you have not done or will not do either of these things, you must tell us before you provide the relevant information. We may disclose the personal information we collect to third parties who assist us in providing the above services, such as related entities, distributors, agents, insurers, reinsurers and service providers. Some of these third parties may be located outside of Australia. In all instances where personal information may be disclosed to third parties who may be located overseas, we will take reasonable measures to ensure that the overseas recipient holds and uses your personal information in accordance with the consent provided by you and in accordance with our obligations under The Privacy Act 1988 (Cth). In dealing with us, you consent to us using and disclosing your personal information as set out in this statement. This consent remains valid unless you alter or revoke it by giving written notice to IMC’s Privacy Officer. However, should you choose to withdraw your consent, we may not be able to provide insurance services to you. The IMC Privacy Policy available at www.imcinsurance.com.au or by calling IMC, sets out how: – IMC protects your personal information; – you may access your personal information; – you may correct your personal information held by us; – you may complain about a breach of The Privacy Act 1988 (Cth) or Australian Privacy Principles and how IMC will deal with such a complaint. If you would like additional information about privacy or would like to obtain a copy of the Privacy Policy, please contact the IMC Privacy Officer by: Postal Address: Level 1/251-253 Malvern Road, South Yarra VIC 3141 Phone: +61 3 9825 6333 Fax: +61 3 9825 6333 Email: insure@imcinsurance.com.au You can download a copy of the IMC Privacy Policy by visiting www.imcinsurance.com.au. I/we acknowledge that: 1. I/We have read and understood the important information provided on the last page of this document in the Important Information section. 2. I/We are authorised by all those seeking insurance to make this Proposal, and declare all information on this Proposal and any attachment is true and correct. 3. I/We authorise the underwriter to give to, or obtain from, other insurers or any credit reference service, any information relating to insurance held by me/us or any claim in relation thereto. 4. I/We acknowledge that, where answers are provided in the proposal are not in my/our handwriting, I/We have checked and certify that the answers are true and correct.Please sign your name* Name Date DD slash MM slash YYYY Δ