Breach Horizon
Cyber insurance readiness

Before you renew cyber insurance, scan what underwriters can see.

Carriers increasingly validate public security signals before quoting, renewing, or paying claims. Run a passive Exposure Report first so DMARC, TLS, security-header, and public-footprint issues are visible to you before they are visible to the carrier.

Honest boundary: this is a passive public-surface check. It does not replace your policy questionnaire, internal control evidence, EDR/MFA validation, or carrier-specific underwriting requirements.

Passive, public-surface checks only — no login, no agents, no intrusive testing. Scan domains you own or manage. How scoring works

Find visible renewal risk

Catch public gaps that commonly trigger underwriting follow-up, premium pressure, or remediation requests.

Turn findings into evidence

Keep scan results, remediation notes, and retest proof together before submitting renewal paperwork.

Fix the highest-confidence items first

Prioritize visible DMARC, TLS, and header fixes before broader security-program work.

What to check first

Email authentication

SPF, DKIM, and DMARC records that reduce spoofing and invoice-fraud exposure.

TLS and HTTPS trust

Certificate validity, redirect hygiene, and browser-visible trust signals.

Security headers

HSTS, CSP, clickjacking, referrer, and content-type controls underwriters and customers can see.

Public footprint

Subdomains, stale DNS/vendor signals, lookalike domains, and public-code exposure indicators.

Evidence to keep
  • Current Exposure Report score and top findings
  • Screenshots or exported DNS/TLS/header evidence before changes
  • Remediation notes for any HIGH findings that cannot be fixed before renewal
  • Retest results after DNS, TLS, or header changes propagate
If the scan shows HIGH findings close to renewal, document the gap, the owner, and the target fix date. Underwriters generally respond better to a clear remediation plan than to vague assurances.

Need the visible findings fixed before renewal?

Use the free scan first, then route high-confidence DMARC, TLS, and security-header findings into a focused remediation request.

Get remediation help