Educational | Beginner | 4 min read

Preparing for Cyber Insurance: What Underwriters Look For

What cyber insurance underwriters actually evaluate and how to position your business for better coverage and lower premiums.

Tags: cyber insurance, compliance, risk management, SMB security

Cyber insurance has gone from "nice to have" to essential for most businesses. But getting good coverage at reasonable rates requires understanding what underwriters actually evaluate.

The Changing Landscape

What's Different Now

  • Applications are longer and more technical
  • Premiums have increased 50-100% in recent years
  • Coverage is harder to get without baseline controls
  • Claims are scrutinized more carefully
  • Certain controls are now mandatory

Why Underwriters Are Stricter

  • Ransomware claims have skyrocketed
  • Payouts have been enormous
  • Some insurers have exited the market
  • Actuarial data is still developing

What Underwriters Evaluate

Must-Have Controls

Missing any of these will likely disqualify you:

Multi-Factor Authentication (MFA)

  • Required for email
  • Required for remote access
  • Required for privileged accounts
  • Required for cloud services

Underwriter question: "Is MFA enabled for all remote access, email, and privileged accounts?"

Endpoint Detection and Response (EDR)

  • Beyond traditional antivirus
  • Active threat detection
  • Behavioral analysis
  • 24/7 monitoring preferred

Underwriter question: "Do you use EDR/MDR with 24/7 monitoring on all endpoints?"

Backup and Recovery

  • Regular backups
  • Tested restoration
  • Offline/immutable copies
  • Separated from production network

Underwriter question: "Are backups stored offline or air-gapped? When did you last test restoration?"

Patch Management

  • Regular patching schedule
  • Critical patches within 30 days
  • Documented process

Underwriter question: "What is your patch management process and timeline for critical vulnerabilities?"

Important Controls

These significantly impact premiums:

Email Security

  • Spam filtering
  • Anti-phishing measures
  • DMARC/DKIM/SPF
  • Link protection

Security Awareness Training

  • Regular training (at least annual)
  • Phishing simulations
  • Documented completion

Incident Response Plan

  • Written plan
  • Tested through exercises
  • Defined roles and contacts

Privileged Access Management

  • Limited admin accounts
  • Just-in-time access
  • Separate credentials for admin tasks

Nice-to-Have Controls

These can reduce premiums further:

  • Security Operations Center (SOC) or managed detection
  • Vulnerability scanning program
  • Penetration testing
  • Zero Trust architecture
  • Security certifications (SOC 2, ISO 27001)

The Application Process

Expect These Questions

  1. MFA coverage: What percentage of users have MFA enabled?
  2. Backup isolation: Are backups protected from ransomware?
  3. EDR deployment: What endpoint protection do you use?
  4. Patch timeline: How quickly are critical patches applied?
  5. Training program: Do you conduct security awareness training?
  6. Network segmentation: Is your network segmented?
  7. Incident response: Do you have a documented IR plan?
  8. Third-party access: How do you manage vendor access?

Documentation to Prepare

  • Network diagram
  • Security tool inventory
  • Backup procedures and test results
  • Training records
  • Incident response plan
  • Patch management policy
  • MFA deployment status
  • Recent security assessments

Optimizing Your Application

Be Accurate

Misrepresentation can void coverage. Answer honestly.

Provide Evidence

Screenshots, policies, and attestation letters strengthen your application.

Highlight Improvements

If you've recently implemented controls, document when each was put in place and provide evidence.

Work With a Specialist Broker

Cyber insurance specialists know what underwriters want and how to present your risk profile favorably.

Common Disqualifiers

You may struggle to get coverage if you have:

  • No MFA on email or remote access
  • No EDR/advanced endpoint protection
  • No offline backups
  • End-of-life operating systems
  • Previous claims (especially ransomware)
  • Critical unpatched vulnerabilities

Coverage Considerations

What to Look For

  • First-party coverage: Your direct losses
  • Third-party coverage: Claims from others
  • Ransomware sub-limits: Often capped
  • Business interruption: Revenue loss during incidents
  • Regulatory coverage: Fines and investigation costs
  • Social engineering: Wire fraud, BEC attacks

Common Exclusions

  • War and terrorism
  • Prior known incidents
  • Unpatched vulnerabilities
  • Unencrypted data (sometimes)
  • Failure to follow security procedures

The Premium Negotiation

Factors That Lower Premiums

  • Strong security controls
  • No claims history
  • Regular security testing
  • Employee training program
  • Incident response readiness
  • Security certifications

Factors That Raise Premiums

  • Previous breaches or claims
  • Sensitive data (healthcare, financial)
  • High revenue
  • Inadequate controls
  • Industry risk profile

Action Plan

Before Your Renewal

60 Days Out:

  • Review current controls against requirements
  • Identify gaps
  • Start implementing missing controls

30 Days Out:

  • Document all security measures
  • Gather evidence (screenshots, reports)
  • Complete application thoroughly

At Renewal:

  • Work with your broker on presentation
  • Be prepared to answer technical questions
  • Consider multiple quotes

Need help preparing for your cyber insurance application? Contact us: m1k3@msquarellc.net
