Assessment
Cyber Insurance Readiness Score
Self-assess the controls insurers ask about before they'll quote — and find your gaps.
Informational self-assessment, not an insurance determination — requirements vary by carrier and policy. It reflects the controls most insurers ask about today.
1. Phishing-resistant or app-based MFA on email, VPN, and all remote access ★
2. EDR / endpoint detection & response deployed ★
3. Immutable or offline backups ★
4. Backups restore-tested in the last 90 days ★
5. Email filtering / anti-phishing in place
6. Security-awareness training + phishing simulations
7. Patch / vulnerability management on a defined cadence
8. Privileged access management (separate admin accounts)
9. Network segmentation
10. Logging & monitoring (or MDR / SOC)
11. Written and tested incident response plan ★
12. Encryption of sensitive data at rest and in transit
Cyber insurance readiness score
0
High exposure
Likely to be declined or heavily restricted. Prioritize the gaps below.
Answer all 12 remaining controls to finalize your score.
How this is calculated
Score = sum of answers (No = 0, Partial = 0.5, Yes = 1) ÷ 12 × 100. Tiers: Strong (≥85), Solid (≥70), At risk (≥50), High exposure (<50). ★ marks controls insurers commonly treat as mandatory. Unanswered items count as 0.
Combine results across tools in the Business Impact Center.
Want help closing these gaps before renewal? That's core managed-IT and security work.
Talk to our security teamCyber-insurance carriers have tightened underwriting dramatically. Applications now ask about phishing-resistant MFA, immutable backups, EDR, restore testing, and written incident response plans — not as nice-to-haves, but as gating requirements.
This checklist mirrors those questions. ★ marks controls insurers commonly treat as mandatory. A partial answer counts — but so does an honest "no." Use the critical-gaps callout to prioritize before renewal season.
This is an informational self-assessment, not an insurance determination. For the people side of ransomware defense, see our ransomware resilience guide, AI failure playbook, and phishing awareness hub. Quantify financial exposure with the Cyber Incident Cost Calculator.