Insurer (Non-Small) Groups or Companies

C3-E3

Total 2022 TRIP-Eligible DEP (All Cyber Policies)

Provide the amount of DEP charged for cyber coverage in TRIP-eligible lines.

• Enter totals for the United States as a whole.

• Enter 2022 TRIP-eligible DEP for “standalone” cyber policies in Cell C3.

• Enter 2022 TRIP-eligible DEP for package policies in Cell D3. Only include premium associated with the cyber coverage in the policy. If the policy does not specify the cyber premium, provide an estimate of the cyber component of the package policy.

• Policies that may respond to a cyber loss but do not explicitly provide coverage for cyber risks (sometimes characterized as non-affirmative cyber or “silent cyber”) should not be included in this worksheet.

• Policies that provide cyber coverage outside of TRIP-eligible lines should not be included.

Cell E3 must show the sum of the values entered in Cells C3 and D3.

Cells C3-E3 must show the sum of the values respectively entered in Cells C4-E4 and C5-E5.

C4-E4

Total 2022 TRIP-Eligible DEP for Cyber Policies (Terrorism Risk Coverage Declined)

Provide total 2022 DEP of cyber policies in TRIP-eligible lines, where terrorism risk coverage was not provided to the policyholder.

• Include premium in this row only if a cyber policy did not provide any coverage subject to TRIP.

• Enter 2022 TRIP-eligible DEP for “standalone” cyber policies in Cell C4.

• Enter 2022 TRIP-eligible DEP for package policies containing cyber coverage in Cell D4. Only include premium associated with the cyber coverage in the policy. If the policy does not specify the cyber premium, provide an estimate of the cyber component of the package policy.

• Policies that may respond to a cyber loss but do not explicitly provide coverage for cyber risks (sometimes characterized as non-affirmative cyber or “silent cyber”) should not be included in this worksheet.

• Policies that provide cyber coverage outside of TRIP-eligible lines should not be included in these fields. See C7-E7.

Cell E4 must show the sum of the values entered in Cells C4 and D4.

C5-E5

Total 2022 TRIP-Eligible DEP for Cyber Policies (Terrorism Risk Coverage Provided)

Provide total 2022 DEP of cyber policies in TRIP-eligible lines, where terrorism risk coverage was provided to the policyholder.

• Include premium in this row only if a cyber policy provided coverage subject to TRIP.

• Enter 2022 TRIP-eligible DEP for “standalone” cyber policies in Cell C5.

• Enter 2022 TRIP-eligible DEP for package policies containing cyber coverage in Cell D5. Only provide premium associated with the cyber coverage. If the policy does not specify the cyber premium, provide an estimate of the cyber component of the package policy.

• Policies that may respond to a cyber loss but do not explicitly provide coverage for cyber risks (sometimes characterized as non-affirmative cyber or “silent cyber”) should not be included in this worksheet.

• Policies that provide cyber coverage outside of TRIP-eligible lines should not be included.

Cell E5 must show the sum of the values entered in Cells C5 and D5.

C6-E6

Total 2022 DEP Charged for Terrorism Risk Coverage Under Cyber Policies

Provide the amount of DEP charged for terrorism risk in cyber policies providing terrorism risk coverage. Enter 2022 DEP charged for terrorism risk in “standalone” cyber policies in Cell C6. Enter 2022 DEP charged for terrorism risk in package policies containing cyber coverage in Cell D6.

• These figures, representing premium charged for terrorism risk, should be a component of the amounts provided in C5 and D5, respectively.

• For purposes of cyber coverage provided as part of a package policy, do not provide as the terrorism risk coverage DEP the total amount of terrorism risk coverage DEP provided under the policy as a whole. Provide only the amount associated with the cyber portion of the coverage or estimate an appropriate amount from the amount charged under the policy as a whole.

• Policies that may respond to a cyber loss but do not explicitly provide coverage for cyber risks (sometimes characterized as non-affirmative cyber or “silent cyber”) should not be included in this worksheet.

• Do not include premiums for terrorism coverage that is not subject to TRIP (“non-certified” coverage).

Cell E6 must show the sum of the values entered in Cells C6 and D6.

C7-E7

Total 2022 Non-TRIP-Eligible DEP (All Cyber Policies)

Provide the amount of DEP charged for cyber coverage in the lines of insurance not subject to TRIP.

• Enter totals for the United States as a whole.

• Enter 2022 non-TRIP-eligible DEP for “standalone” cyber policies in Cell C7.

• Enter 2022 non-TRIP-eligible DEP for package policies in Cell D7. Only include premium associated with the cyber coverage in the policy. If the policy does not specify the cyber premium, provide an estimate of the cyber component of the package policy.

• Policies that may respond to a cyber loss but do not explicitly provide coverage for cyber risks (sometimes characterized as non-affirmative cyber or “silent cyber”) should not be included in this worksheet.

Cell E7 must show the sum of the values entered in Cells C7 and D7.

C8-E8

Total 2022 Number of Cyber Policies Issued in TRIP-Eligible Lines of Insurance

Provide the corresponding 2022 policy count for the DEP provided in Cells C3-D3.

Cell E8 must show the sum of the values entered in Cells C8 and D8.

C9-E9

Total 2022 Number of Cyber Policies Issued (Terrorism Risk Coverage Provided)

Provide the corresponding 2022 policy count for the DEP provided in Cells C5-D5.

Cell E9 must show the sum of the values entered in Cells C9 and D9.

C10-E10

Total 2022 Number of Cyber Policies Issued in Non-TRIP-Eligible Lines of Insurance

Provide the corresponding 2022 policy count for the DEP provided in Cells C7-D7.

Cell E10 must show the sum of the values entered in Cells C10 and D10.

C11-E11

Total 2022 Number of all Cyber Policies Issued

Provide the corresponding 2022 policy count for all cyber policies issued in TRIP-Eligible and Non-Trip-Eligible Lines of insurance combined. Cell C11 must show the sum of the values entered in Cells C8 and C10, and Cell D11 must show the sum of the values entered in Cells C8 and D10.

C12-E12

Total 2022 Number of all Cyber Policies Issued to Small Policyholders (100 or fewer employees or less than $10 million in revenue)

Taking the figures reported in Line 11, identify the number of policies where the policyholder reported 100 or fewer employees or, in the alternative, reported less than $10 million in annual revenue. The sum of Cells E12, E13, and E14 must show the value entered in Cell E11.

C13-E13

Total 2022 Number of all Cyber Policies Issued to Medium Policyholders (101-500 employees or $10-$100 million in revenue)

Taking the figures reported in Line 11, identify the number of policies where the policyholder reported between 101 and 500 employees or, in the alternative, reported between $10 million and $100 million in annual revenue. The sum of Cells E12, E13, and E14 must show the value entered in Cell E11.

C14-E14

Total 2022 Number of all Cyber Policies Issued to Large Policyholders (501 or more employees or more than $100 million in revenue)

Taking the figures reported in Line 11, identify the number of policies where the policyholder reported more than 500 employees or, in the alternative, reported more than $100 million in annual revenue. The sum of Cells E12, E13, and E14 must show the value entered in Cell E11.

C15-E15

Total 2022 DEP of all Cyber Policies Issued to Small Policyholders (100 or fewer employees or less than $10 million in revenue)

Provide the DEP associated with the number of policies reported in Line 12. The sum of Cells E15, E16, and E17 must show the sum of the values entered in Cells E3 and E7.

C16-E16

Total 2022 DEP of all Cyber Policies Issued to Medium Policyholders (101-500 employees or $10-$100 million in revenue)

Provide the DEP associated with the number of policies reported in Line 13. The sum of Cells E15, E16, and E17 must show the sum of the values entered in Cells E3 and E7.

C17-E17

Total 2022 DEP of all Cyber Policies Issued to Large Policyholders (501 or more employees or more than $100 million in revenue)

Provide the DEP associated with the number of policies reported in Line 14. The sum of Cells E15, E16, and E17 must show the sum of the values entered in Cells E3 and E7.

C18-E18

Total 2022 Limits of Liability for Cyber Policies Issued in TRIP-Eligible Lines of Insurance

Provide the insurer’s total 2022 liability exposure for all cyber liability coverage provided in connection with the corresponding amounts reported in Cells C3 and D3.

• Include the total amount of the reporting insurer's liability exposure (and thus do not include amounts within a policyholder’s deductible, etc.).

• Use the limits of the liability insurance to calculate the insurer’s exposure.

• For cyber coverage provided as part of a package policy, provide the limits associated with the cyber coverage provided.

• If the policy has an aggregate limit, use the aggregate limit.

• If the policy is subject to a per occurrence limit and not an aggregate limit, use the single occurrence limit.

Where a policy is not subject to defined limit of liability, estimate exposure using a maximum probable loss model.

C19-E19

Total 2022 Limits of Liability for Cyber Policies Providing Coverage for Losses for Certified Acts of Terrorism Under TRIP

Provide the insurer’s total 2022 liability exposure for all cyber liability coverage provided in connection with the corresponding amounts reported in Cells C5 and D5.

• Include the total amount of the reporting insurer's liability exposure (and thus do not include amounts within a policyholder’s deductible, etc.).

• Use the limits of the liability insurance to calculate the insurer’s exposure.

• For cyber coverage provided as part of a package policy, provide the limits associated with the cyber coverage provided.

• If the policy has an aggregate limit, use the aggregate limit.

• If the policy is subject to a per occurrence limit and not an aggregate limit, use the single occurrence limit.

• Where a policy is not subject to defined limit of liability, estimate exposure using a maximum probable loss model.

C20-E20

Total 2022 Limits of Liability for Cyber Policies Issued in Non-TRIP-Eligible Lines of Insurance

Provide the insurer’s total 2022 liability exposure for all cyber liability coverage provided in connection with the corresponding amounts reported in Cells C7 and D7.

• Include the total amount of the reporting insurer's liability exposure (and thus do not include amounts within a policyholder’s deductible, etc.).

• Use the limits of the liability insurance to calculate the insurer’s exposure.

• For cyber coverage provided as part of a package policy, provide the limits associated with the cyber coverage provided.

• If the policy has an aggregate limit, use the aggregate limit.

• If the policy is subject to a per occurrence limit and not an aggregate limit, use the single occurrence limit.

Where a policy is not subject to defined limit of liability, estimate exposure using a maximum probable loss model.

C21-E21

Total 2022 Limits of Liability for Cyber Extortion under Cyber Policies Issued in TRIP-Eligible Lines of Insurance

Provide the insurer’s total 2022 liability exposure for cyber extortion coverage only that is provided in connection with the corresponding amounts reported in Cells C3 and D3.

• Include the total amount of the reporting insurer's cyber extortion exposure (and thus do not include amounts within a policyholder’s deductible, etc.).

• Use the limits of the cyber extortion insurance to calculate the insurer’s exposure.

• For cyber extortion coverage provided as part of a package policy, provide the limits associated with the cyber extortion coverage provided.

• If the policy has an aggregate limit, use the aggregate limit.

• If the policy is subject to a per occurrence limit and not an aggregate limit, use the single occurrence limit.

Where a policy is not subject to defined limit of liability, estimate exposure using a maximum probable loss model.

C22-E22

Total 2022 Limits of Liability for Ransom Payments for Cyber Extortion under Cyber Policies Issued in TRIP-Eligible Lines of Insurance

Provide the insurer’s total 2022 liability exposure for ransom payments for cyber extortion that is provided in connection with the corresponding amounts reported in Cells C3 and D3.

• Include the total amount of the reporting insurer's ransom payment exposure (and thus do not include amounts within a policyholder’s deductible, etc.).

• Use the limits of the ransom payment insurance to calculate the insurer’s exposure.

• For ransom payment coverage provided as part of a package policy, provide the limits associated with the ransom payment coverage provided.

• If the policy has an aggregate limit, use the aggregate limit.

• If the policy is subject to a per occurrence limit and not an aggregate limit, use the single occurrence limit.

Where a policy is not subject to defined limit of liability, estimate exposure using a maximum probable loss model.

C23-E23

Total 2022 Limits of Liability for Cyber Extortion under Cyber Policies Issued in Non-TRIP-Eligible Lines of Insurance

Provide the insurer’s total 2022 liability exposure for cyber extortion coverage only that is provided in connection with the corresponding amounts reported in Cells C7 and D7.

• Include the total amount of the reporting insurer's cyber extortion exposure (and thus do not include amounts within a policyholder’s deductible, etc.).

• Use the limits of the cyber extortion insurance to calculate the insurer’s exposure.

• For cyber extortion coverage provided as part of a package policy, provide the limits associated with the cyber extortion coverage provided.

• If the policy has an aggregate limit, use the aggregate limit.

• If the policy is subject to a per occurrence limit and not an aggregate limit, use the single occurrence limit.

Where a policy is not subject to defined limit of liability, estimate exposure using a maximum probable loss model.

C24-E24

Total 2022 Limits of Liability for Ransom Payments for Cyber Extortion under Cyber Policies Issued in Non-TRIP-Eligible Lines of Insurance

Provide the insurer’s total 2022 liability exposure for ransom payments for cyber extortion that is provided in connection with the corresponding amounts reported in Cells C7 and D7.

• Include the total amount of the reporting insurer's ransom payment exposure (and thus do not include amounts within a policyholder’s deductible, etc.).

• Use the limits of the ransom payment insurance to calculate the insurer’s exposure.

• For ransom payment coverage provided as part of a package policy, provide the limits associated with the ransom payment coverage provided.

• If the policy has an aggregate limit, use the aggregate limit.

• If the policy is subject to a per occurrence limit and not an aggregate limit, use the single occurrence limit.

Where a policy is not subject to defined limit of liability, estimate exposure using a maximum probable loss model.

C25-E25

Total 2022 Direct Losses Paid for Cyber Extortion under all Cyber Policies Issued

Provide the insurer’s total 2022 payments for direct losses paid for cyber extortion. Amounts reported should be in connection with the policies associated with the amounts reported in Cells C3 and C7, and D3 and D7, as well as any other cyber policy issued if the payments were made in 2022.

C26-E26

Total 2022 Direct Losses Incurred for Cyber Extortion under all Cyber Policies Issued

Provide the insurer’s total 2022 amounts incurred, but not paid, for direct losses for cyber extortion. Amounts reported should be in connection with the policies associated with the amounts reported in Cells C3 and C7, and D3 and D7, as well as any other cyber policy issued if the amounts were incurred in 2022.

C27-E27

Total 2022 Direct Losses Paid for Cyber Extortion (Ransom Payment or Reimbursement Only) under all Cyber Policies Issued

Provide the insurer’s total 2022 payments for ransom payments only, as part of cyber extortion coverage. Amounts reported should be in connection with the policies associated with the amounts reported in Cells C3 and C7, and D3 and D7, as well as any other cyber policy issued if the ransom payment was made in 2022.

C28-E28

Total 2021 Number of Claims Associated with Payments reported in Line 27

Provide the number of claims associated with the payments identified in Line 27.

C29-E29

Total 2022 Direct Defense and Loss Containment Amounts Paid for Cyber Extortion under all Cyber Policies Issued

Provide the insurer’s total 2022 payments for direct defense and loss containment amounts paid for cyber extortion. Amounts reported should be in connection with the policies associated with the amounts reported in Cells C3 and D7, and D3 and D7, as well as any other cyber policy issued if the payments were made in 2022.

C30-E30

Total 2022 Direct Defense and Loss Containment Amounts Incurred for Cyber Extortion under all Cyber Policies Issued

Provide the insurer’s total 2022 amounts incurred, but not paid, for direct defense and loss containment for cyber extortion. Amounts reported should be in connection with the policies associated with the amounts reported in Cells C3 and C7, and D3 and D7, as well as any other cyber policy issued if the amounts were incurred in 2022.