MSIG — MSIG CyberComplete

The Insurance Act: In this Proposal Form, you are required to disclose fully and faithfully all the facts you know or ought to know in respect of the risk that is being proposed; otherwise the Policy issued hereunder may be void.

Please read the following advice before completing this proposal form.

This proposal is for a claims made policy. A claims made policy only responds to claims made and notified to us during the period of insurance.

The term "PROPOSER" or "You/Your" means the Company (or organisation) listed below and all of its subsidiaries for which coverage is proposed on this form and the "INSURER" or "We/Us/Our" is MSIG Insurance (Singapore) Pte. Ltd.

This PROPOSER is completing this form on behalf of all Insureds (as defined in the policy), it must be signed and dated by an authorised representative of the PROPOSER.

- Answer all questions giving full and complete answers.
- It is your duty to provide all of the information requested on the form as well as to include all material facts.
- A material fact is a known fact and/or circumstance that may influence our decision whether to accept the risk and if so, on what terms. If you are unsure whether a matter is material, you should disclose it. Full details of your duty of disclosure can be found in the following section.
- If the space provided on this form is insufficient, please provide complete answers on an additional sheet, which must be signed and dated.
- The proposal form must be completed, signed and dated by a person, who must be of legal capacity and authorised for the purpose of requesting this insurance by the PROPOSER.

This proposal form DOES NOT BIND the PROPOSER or the INSURER to complete the insurance but will become part of the insurance policy.

Before you enter into a contract of general insurance with us, you have a duty to disclose every matter within your knowledge that is material to our decision whether to insure you and, if so, upon what terms. You have the same duty to disclose material facts before you renew, extend, vary or reinstate a contract of general insurance.

Your duty however does not require you to tell us anything that:

- Reduces the risk you are insured for; or
- Is common knowledge; or
- We know or, as an insurer, should know; or
- We waive your duty to tell us about.

Note that this duty continues after the proposal form has been completed until the time the policy is in force.

If you fail to comply with this duty of disclosure, we may cancel the policy or reduce the amount we will pay you if you make a claim, or both. If your failure is fraudulent, we may refuse to pay a claim and treat the policy as if it had never existed. It is therefore vital that you make sufficient enquiries before completing this form and before signing the declaration on this form or any addendum; or any declaration that there has been no change in the information you have provided.

Where another person or company would be liable to compensate you for any loss or damage otherwise covered by the policy, but you have agreed with that person either before or after the loss or damage occurred that you would not seek to recover any monies from that person or company, we will not cover you under the insurance for such loss or damage.

---

MSIG Insurance (Singapore) Pte. Ltd. (Co. Reg. No. 200412212G)
4 Shenton Way, #21-01, SGX Centre 2, Singapore 068807
Tel +65 6827 7888 Fax +65 6827 7800
msig.com.sg

A Member of MS&AD INSURANCE GROUP

| Field | Value |
|-------|-------|
| Company name | |
| Address of head office | |
| Web address | |
| Company registration number | |
| Place of incorporation | |
| Date established | |
| Describe the company's activities | |

| | Last year (SGD) | Current year (SGD) | Next year estimate (SGD) |
|---|---|---|---|
| Total | | | |
| % from online sales | | | |

| Singapore | Asia | Australia & New Zealand | USA & Canada | Europe | UK | Others |
|---|---|---|---|---|---|---|
| | | | | | | |

| Principals, partners & directors | Information technology |
|---|---|
| | |
| Professional | Cyber & information security |
| | |
| Admin & Support | Others (please specify) |
| | |

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

If no, please explain what security measures are implemented:

- [ ] Yes
- [ ] No

If 'yes', is it enforced?

- [ ] Yes
- [ ] No

If 'no' to either of the above, please explain how account security is maintained:

**Password protected?**

- [ ] Yes
- [ ] No

**Encrypted?**

- [ ] Yes
- [ ] No

If 'no' to either of the above, please explain what security protocols are implemented to secure mobile devices and backup media:

- [ ] Yes
- [ ] No
- [ ] N.A.

- [ ] Yes
- [ ] No

If 'yes', when does this occur?

- [ ] At rest (on network)
- [ ] In transit
- [ ] In backup

- [ ] Yes
- [ ] No

If 'yes', is this tested at least annually?

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

If 'yes', how often is this training conducted?

- [ ] Monthly
- [ ] Quarterly
- [ ] Biannually
- [ ] Annually
- [ ] Others (please specify) _______________

- [ ] Yes
- [ ] No

If 'yes', how often?

- [ ] Monthly
- [ ] Quarterly
- [ ] Biannually
- [ ] Annually
- [ ] Others (please specify) _______________

- [ ] Yes
- [ ] No

- [ ] Every 90 days or less
- [ ] Less frequently or never (please state) _______________

**Incident or data breach response plan**

- [ ] Yes
- [ ] No

**Disaster recovery or business continuity plan**

- [ ] Yes
- [ ] No

**IT security policy or framework**

- [ ] Yes
- [ ] No

If 'yes', please provide copies and state when they were last subject to review: _______________

- [ ] Yes
- [ ] No

If 'yes', please provide a copy of the results.

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

How often do you review administrator rights and access?

Is MFA used for administrative account access?

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

If 'yes', do they use HTTPS?

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

If 'yes', please state:

| Name of provider | Outsourced function |
|---|---|
| | |
| | |
| | |
| | |

- [ ] Yes
- [ ] No

If 'yes', please state:

| Name of provider | Outsourced function |
|---|---|
| | |
| | |
| | |
| | |

If 'yes', how often are audits conducted?

- [ ] Monthly
- [ ] Quarterly
- [ ] Biannually
- [ ] Annually
- [ ] Others (please specify) _______________

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

| | Amount |
|---|---|
| Current year estimate | |
| Last financial year | |

- [ ] Yes
- [ ] No

- [ ] 0 to 6 hours
- [ ] 6 to 12 hours
- [ ] 12 to 24 hours
- [ ] A day or more

| Singapore | Asia | Australia & New Zealand | USA & Canada | Europe | UK | Others |
|---|---|---|---|---|---|---|
| | | | | | | |

| Category | Number |
|---|---|
| Personal (name, email, residential address, telephone or mobile number) | |
| Date of birth | |
| Bank details including account data, debit and credit cards | |
| Health information | |
| Tax records, including tax file numbers and references | |
| Others, please describe | |

- [ ] Yes
- [ ] No

If 'yes', how many per year? _______________

- [ ] Yes
- [ ] No

Please provide details:

**Your own network**

Last financial year _______________

**On any single server** _______________

**In any central/single location** _______________

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

If you have answered 'yes' to any question, please provide details:

Please ensure appropriate enquiries are made of all directors and officers of the company prior to answering the following questions.

- [ ] Yes
- [ ] No

- [ ] Yes
- [ ] No

If you have answered 'yes' to any question, please provide details:

- [ ] Yes
- [ ] No

If 'yes', please state:

| Field | Value |
|---|---|
| Insurer | |
| Limit of liability | |
| Expiry date | |
| Retroactive date (if applicable) | |
| Deductible | |

- [ ] Yes
- [ ] No

If 'yes', please supply details:

Limit of indemnity required:

- [ ] SGD 500,000
- [ ] SGD 1,000,000
- [ ] SGD 2,000,000
- [ ] Other SGD _______________

I/We, the undersigned, desire to effect the insurance specified herein and declare that I/We:

- have read and understood the Important Notice.
- agree that MSIG Insurance (Singapore) Pte. Ltd. reserves its right to reject this application and cover will only be effective when accepted and confirmed in writing.
- warrant that the information and any documents given and answers to questions herein are true and correct to the best of my/our knowledge.
- have not withheld, misstated or omitted facts likely to influence the assessment of this application.
- undertake to inform MSIG Insurance (Singapore) Pte. Ltd. of any material changes to those facts before completion of the contract of insurance.
- agree that this application, declaration and any other information provided or documents supplied shall form the basis of the contract of insurance.
- agree and acknowledge that the contract of insurance will be subject to the terms, limitations, exclusions, conditions, clauses and warranties contained in the policy and/or as modified or extended by any endorsements thereon.

MSIG is committed to protecting your privacy. We collect, use and disclose the personal particulars you provide to us in accordance with the Personal Data Protection Act 2012 and MSIG's Privacy Policy, for the provision of all services related to, and protection under the insurance policy purchased from us, including for proper servicing, underwriting and claims administration. MSIG may disclose the personal particulars to its business partners and third party service providers for these purposes. Where there are more than one individual insured persons, I/we confirm they have consented to MSIG's collection, use and disclosure of their personal particulars. Please refer to the full MSIG's Privacy & Cookies Policy at www.msig.com.sg for more information.

Authorised signature (with company stamp) | Date
---|---
| 

Name & position | 
---|---
| 

---

**Document Reference:** CYB010522  
**Total Pages:** 7 of 7