Cyber insurance
Insurers are tightening underwriting requirements and denying coverage to businesses that can't demonstrate basic security controls. We close the gaps before you apply — and document everything they're going to ask for.
What you get
We go beyond ticking boxes. Every finding comes with a remediation plan, evidence documentation, and a clear answer for every question on your carrier's application.
We audit your environment against the specific controls your carrier or target carrier requires — not generic best practices — identifying every gap before the underwriter does.
Every gap comes with a prioritized remediation plan — what to fix, what to accept, what to document as a compensating control — so you're making informed decisions, not just reacting.
We help you answer every question on the application accurately and in the way underwriters want to see it — reducing the risk of misrepresentation and the coverage denials that follow.
We build a complete evidence package — screenshots, configuration exports, policy documents, and testing records — that supports your application and survives a claims investigation.
Insurability isn't a one-time milestone. We set up monitoring and annual review cadences to keep your security posture current through renewals, staff changes, and infrastructure updates.
Carriers want to see a documented IR plan. We help you build one that satisfies underwriting requirements and would actually work if you had to use it — not just check a box.
What insurers actually check
These aren't aspirational security best practices. These are the controls underwriters use to make coverage and pricing decisions right now.
Multi-factor authentication (MFA)Required on all remote access, email, and privileged accounts. Missing MFA on email alone is enough to trigger exclusions at many carriers.
Endpoint detection & response (EDR)Antivirus alone is no longer sufficient. Carriers require behavioral threat detection with centralized logging and response capabilities.
Offline & tested backupsBackups must be immutable, air-gapped or offsite, and recently tested for restoration. Untested backups are treated the same as no backups during claims review.
Email security controlsSPF, DKIM, DMARC, and anti-phishing filtering are baseline requirements. Email is still the leading attack vector and carriers price accordingly.
Patch managementA documented, consistent patching cadence for OS and third-party software. Carriers look for unpatched critical CVEs as a leading indicator of breach probability.
Privileged access management (PAM)Admin credentials must be controlled, rotated, and audited. Shared admin passwords are a hard stop for many underwriters at any coverage level.
How it works
We assess your environment against the six core underwriting controls — plus any carrier-specific requirements — and document current state with evidence for each finding.
We build a prioritized remediation plan with timelines, owners, and cost estimates — separating quick fixes from longer-term projects and identifying compensating controls where needed.
We compile the documentation package — screenshots, configuration exports, policies, test records — organized to match your carrier's application and claims review process.
We walk through your application with you, answer underwriter questions, and help you position your security posture accurately — maximizing coverage and minimizing premium.
A readiness audit takes 2–3 weeks and costs a fraction of the deductible you'd pay if a claim gets denied for a gap we could have closed.
Schedule your readiness auditGet started
Tell us about your current coverage situation and what's driving the urgency. We'll follow up within one business day.