Section 1: General Business Information
Company Name: _________________________________________
Date Completed: ___________
Completed By (Name & Title): ______________________________
MSP Partner (if any): _____________________________________
1. Industry Type: __________________________
2. Number of Employees: ___________________
3. Annual Revenue (approx.): _______________
4. Do you process or store customer personal data (PII, PHI, financial info)?
[ ] Yes [ ] No
5. Do you accept credit card payments or use online payment platforms?
[ ] Yes [ ] No
Section 2: Security Controls
6. Do you use antivirus/EDR on all workstations and servers?
[ ] Yes [ ] No
7. Is MFA enabled for email, remote access, and admin accounts?
[ ] Yes – All systems [ ] Partial [ ] No
8. Do you maintain a firewall or next-gen firewall?
[ ] Yes [ ] No
9. Are all systems and software updated/patched regularly (within 30 days)?
[ ] Yes [ ] No
10. Do you perform regular vulnerability scans?
[ ] Yes – Monthly/Quarterly [ ] No
11. Do you conduct phishing or cybersecurity awareness training?
[ ] Yes – At least annually [ ] No
12. Do you use email security (spam filter, link scanning, attachment scanning)?
[ ] Yes [ ] No
Section 3: Backup & Business Continuity
13. Do you perform daily or automated backups?
[ ] Yes [ ] No
14. Are backups stored off-site or in the cloud?
[ ] Yes [ ] No
15. Are backups encrypted and protected from ransomware (e.g., immutable)?
[ ] Yes [ ] No
16. Do you test backup restoration regularly?
[ ] Yes – Quarterly or more [ ] Occasionally [ ] No
Section 4: Policies & Compliance
17. Do you have a documented Incident Response Plan?
[ ] Yes [ ] No
18. Do you have a written Acceptable Use Policy for staff?
[ ] Yes [ ] No
19. Do you have a documented Business Continuity or Disaster Recovery Plan?
[ ] Yes [ ] No
20. Have you experienced a cybersecurity incident in the last 24 months?
[ ] Yes (details below) [ ] No
If yes, describe the incident:
__________________________________________________________
__________________________________________________________
Section 5: Managed IT & Vendors
21. Do you work with a Managed IT Services Provider (MSP)?
[ ] Yes [ ] No
22. Does your MSP provide: (check all that apply)
[ ] Patch Management
[ ] Endpoint Protection
[ ] Backup and Disaster Recovery
[ ] Monitoring & Alerts
[ ] Incident Response
[ ] Employee Security Training