Commercial - Underwriting Mandates & Guidelines Binder

Page 104 - Commercial - Underwriting Mandates & Guidelines Binder

P. 104

Cyber Liability
Financial institution
2.4 Excluded risks (cont.)
Gaming (including online)
Healthcare center/provider with a turnover more than R25 000 000 (twenty five million rand) per annum
Hospitality industry with a turnover more than R25 000 000 (twenty five million rand) per annum
Internet service/hosting/cloud storage provider
Merchants with a turnover more than R25 000 000 (twenty five million rand) per annum
Micro lenders
Online retailers
Payroll processor
Recruitment agencies with a turnover more than R25 000 000 (twenty five million rand) per annum
Technology Service Providers with a turnover more than R25 000 000 (twenty five million rand) per annum
Telecommunications provider
Tertiary educational institution
Companies trading outside RSA
Companies that store or process more than 100 000 (one hundred thousand) payment cards (debit and credit cards) per year
Companies with an annual turnover above R250 000 000 (two hundred and fifty million rand) Companies that do not meet the minimum-security requirements
USA and Canada
2.5
Basic information required to issue cover
2.5.1 2.5.2 2.5.3 2.5.4 2.5.5 2.5.6 2.5.7 2.5.8 2.5.9 2.5.10
2.5.11 2.5.12
2.5.13 2.5.14
Full name of the business entity, partnership, Ltd or (Pty) Ltd Physical address
Contact details
Nature of the business, full description of activities
Annual turnover/gross revenue Company registration number VAT number
Inception date of cover
Broker
Is the company domiciled in South Africa and does it have any operations outside of South Africa to be covered under the policy?
Does the company trade in any of the excluded risks?
Does the company store/process less than 100 000 (one hundred thousand) payment cards (debit and credit cards) per year?
Is the company aware of any circumstances within the past 3 (three) years that would have, may give or has given risk to a claim under the coverage to be provided?
Has the company implemented the following security controls?
• Next generation anti-virus/anti-malware.
• Processes to apply security related patches/updates within 3 (three) months of release.
• Outdated software which is no longer supported by the software provider is not accessible from external networks.
• Password controls including:
͵
͵
length of at least 10 (ten) characters;
use of passwords not reasonably deemed easily guessable;
102
Commercial Underwriting Mandates and Guidelines – Binder – Version 4 2022

102 103 104 105 106