Breach Horizon
Pre-renewal checklist

Before you renew cyber insurance, check these 10 items.

Underwriters and claim reviewers may compare questionnaire answers with the controls that were actually in place. Verify each item, preserve dated evidence, and describe gaps honestly before submitting the renewal.

The 10 controls to verify

  1. Item 1

    MFA coverage

    Verify MFA is enforced for every administrator, email user, and remote-access account. Record exceptions instead of treating enrollment as enforcement.

  2. Item 2

    DMARC enforcement

    Publish DMARC at p=quarantine or p=reject after confirming every legitimate sender is aligned.

  3. Item 3

    Endpoint detection and response

    Confirm EDR is active on every supported endpoint and document any unmanaged or offline devices.

  4. Item 4

    Immutable backups

    Keep an off-site or immutable copy and retain evidence of a successful restore test within the last six months.

  5. Item 5

    Patch management

    Document ownership and timelines for operating-system and high-risk application patches, including exceptions.

  6. Item 6

    Incident response plan

    Keep the insurer, broker, breach counsel, and incident-response firm contacts in a tested call tree.

  7. Item 7

    Security awareness training

    Record completion for every employee and provide focused training for finance and privileged users.

  8. Item 8

    Privileged access

    Inventory administrator accounts, remove standing access where possible, and protect emergency accounts.

  9. Item 9

    Network segmentation

    Separate business-critical systems from guest, operational-technology, and untrusted IoT networks.

  10. Item 10

    Wire-transfer verification

    Require a callback to a previously known phone number for new beneficiaries or changed payment instructions.

Use the questionnaire as a forcing function

Each unsupported answer is a prioritized risk. If a control is incomplete, record the current coverage, responsible owner, compensating control, and target completion date. An accurate partial answer with evidence is more defensible than a clean answer that fails during claim review.

Frequently asked questions

What if a control is only partially deployed?

Tell your broker before submission. State the verified coverage, exception count, compensating controls, owner, and target date rather than answering with an unsupported yes.

Does the free scan replace the carrier questionnaire?

No. It verifies public DNS, TLS, HTTP-header, and attack-surface signals. Internal controls such as MFA, EDR, backup restores, and training still need evidence from your systems.

How often should we refresh renewal evidence?

Refresh it before renewal, after material IT changes, and whenever a major gap is closed. Save dated exports or screenshots with the submitted application.

Does cyber insurance always pay ransomware demands?

Coverage, exclusions, sublimits, and payment rules vary by policy. Confirm the exact terms with your broker or qualified counsel before an incident.

See what attackers see — before they do.

Run the free passive scan, get a prioritized fix plan, and close the gaps yourself or have us do it for you.