1. What industry sector best describes your organization (or division specifically)?

2. Approximately how many individuals are employed by your organization (or specific division)?

3. What is the approximate annual revenue of your organization in USD?

4. Has your organization suffered a cyber attack, data breach, instance of electronic espionage, or fraud in the past year?

5. Has your organization taken steps to improve its cybersecurity in the past year? If so, what steps? (Examples could include hiring a chief information security officer, developing an internal security policy and review process, initiating new training for employees, etc.)

6. Does your organization attempt to assess cyber risk—and if so, how? (Examples could include consulting security firms, identifying entities that may target your organization, identifying and classifying your organization’s information assets and estimating their value, conducting a threat modeling exercise, etc.)

7. Does your organization have an insurance policy that will cover all or part of your losses in the event of a cyber attack, data breach, or other similar event? If so, does the policy cover attacks and breaches affecting your organization only or also attacks and breaches affecting third parties (like your suppliers)?

8. Why did your organization decide to obtain or not obtain a cyber insurance policy, and what were some of the challenges in making this decision? Also, what other forms of cyber risk mitigation aside from insurance, if any, does your organization use?

9. What do you think is the appropriate role for national governments in enhancing cybersecurity? Specifically, do you favor a more voluntary or regulatory approach?

10. Has having a cyber risk insurance policy helped your organization? Also, please share any additional information that you find relevant to your organization’s approach to cybersecurity, risk assessment, insurance coverage, industry collaboration, or a related topic.

T