ACORD 163 (Cyber Liability Application)
The ACORD application supplement specifically designed for cyber liability insurance submissions.
What It Is
The ACORD 163 is a relatively new addition to the ACORD forms library, designed specifically for cyber liability insurance applications. It captures information about the applicant's IT infrastructure, data handling practices, network security controls, incident response planning, and prior cyber incidents.
The form includes detailed sections on the types of data stored (PII, PHI, financial data), encryption practices, multi-factor authentication deployment, backup procedures, and employee cybersecurity training programs. It also asks about third-party vendor management and cloud service providers.
As cyber insurance underwriting has become more rigorous, the ACORD 163 provides a standardized framework for brokers to present their client's cyber risk profile.
Why It Matters for Brokers
Cyber insurance applications have become increasingly detailed as carriers tighten underwriting standards. Brokers who can efficiently and accurately complete the ACORD 163 — translating their client's IT security posture into underwriting language — have a significant advantage in securing coverage. Many cyber claims are denied or disputed because the application misrepresented the insured's security controls. Accurate ACORD 163 completion is both a sales tool and an E&O risk management practice.
Real-World Example
A healthcare practice with 50,000 patient records needs cyber liability coverage. The broker works with the practice's IT manager to complete the ACORD 163, documenting their use of encrypted email, MFA on all systems, regular security awareness training, a tested incident response plan, and SOC 2 Type II certification for their cloud provider. This thorough documentation results in competitive quotes from three cyber carriers.
Common Mistakes
1. Overstating the client's security controls (e.g., claiming MFA is deployed when it only covers email, not all systems), which can void coverage.
2. Failing to disclose prior cyber incidents or near-misses that carriers specifically ask about, creating a material misrepresentation.
3. Not consulting with the client's IT team when completing the form, resulting in inaccurate technical information.
How brokerageaudit.com Handles This
Submission Intake guides brokers through the ACORD 163 with plain-language explanations of each technical question. The platform flags common misrepresentations and prompts verification of critical security controls before submission.