Technical Expertise

April 26, 2022   •   6 minute read

The Cyber Underwriting Process

Cyber underwriting is the process by which insurers evaluate an organization to determine the scope of a policy, and takes several considerations into account.

In determining insurance coverage, cyber underwriters must effectively weigh organizational risks and the extent to which these are mitigated through risk management and cybersecurity.

By evaluating a company’s existing monitoring software, data management, security procedures, breach history, and relative benchmark against similar companies, among other elements, insurers issue appropriate plans that cover lost assets from a cyber event.

What Does Cyber Insurance Cover?

Providing valuable protection for your company’s assets in a cyberattack, cyber insurance —similar to health, dental, or vision insurance—varies in deductibles, coverage scope, liability, and more. 

Although each policy is different, many cover first-party claims (filed by the policyholder) such as data loss and restoration, damaged or destroyed hardware, interrupted business operations, cyber extortion, forensic and legal investigation, credit monitoring, litigation, or costs required to notify customers about a breach. Policies also encompass third-party claims (filed by someone other than the policyholder) such as security and privacy liability, electronic media liability, and regulatory claims. 

In determining traditional policy coverage, cyber underwriters might exclude any number of the aforementioned claims, along with property damage, bodily injuries, acts of war or terrorism, fraud, and intentionally harmful actions taken by the business.

What Do Cyber Underwriters Evaluate? 

Underwriters may take a number of factors into consideration when determining your company policy’s scope, coverage, and deductibles, among other items.

1. Existing Cybersecurity Monitoring

Perhaps the most important of these is the presence of an existing, robust, continuous monitoring system, providing full visibility into cybersecurity posture at all times to assess potential risks before they become threats. In fact, many underwriters will not do business with companies lacking this pertinent security measure, as that vulnerability is a significant risk to them. 

In a recent change from past underwriting practices, many insurers are currently asking for more detail to better understand the risks they would be covering, delving more deeply into specific practices, protocols, and controls to actively detect cyberattacks such as ransomware

2.  Basic Business Information 

Given that an underwriter’s job is to assess risks to determine pricing and insurance limits, ​​they depend on detailed and forthright information presented within your application—and any vagueness or inaccuracies can create issues for a claim, reads a brief by independent insurance agency The Insurance Exchange. 

To gain an understanding of your company’s operations, underwriters require baseline information such as your industry, as well as how much and what type of information you store (customer names, addresses, Social Security numbers, etc.).

3. Data Backups & Management

Now that the firm has an idea of what information your business stores, they will likely evaluate how you do so: Do you back up all data on a regular basis? Is data backed up to a location other than the main server? Is confidential data segregated over multiple interfaces to prevent total loss in a breach? Do you have a disaster recovery plan in place for a cyberattack? 

Asking questions such as these enables underwriters to assess the level of your company’s potential data loss risk, the aforementioned Insurance Exchange brief continues.

4. Security Policies & Procedures

Insurers will also likely examine day-to-day security policies and protocols to build an understanding of your company’s posture. Not only will they evaluate the cybersecurity in place, but also habitual company practices around passwords, use of personal devices for work, and whether access is revoked for former employees, reads the brief.

This scan is necessary for underwriters to note any at-risk endpoints (laptops and computers), lack of two-factor authentication, and poor email and password literacy, among other unsafe practices that could compromise security.

5. Breach History

Along with assessing the potentiality of your risk in the future, insurers might also consider historical data and security breaches to understand overall vulnerability and effectiveness of current security measures.

Startling statistics underscore the prevalence of repeat cyberattacks: Eighty percent of businesses that pay the ransom during a ransomware attack end up suffering a second attack, often from the same adversary. Only about 40% of small businesses ever recover from an attack, not to mention the financial and reputational damages usually suffered. 

A history of data breaches, ransomware attacks, and data exfiltration, among other cybercrimes sheds significant light on overall security posture—and, in some cases, is a predictor of future attacks.

6. Relative Benchmark

Some insurers might compare your security alongside other related companies—a process known as benchmarking—to understand how your company’s risks, mitigation, and response plans measure against industry standards. This denotes whether your business is considered more of a comparative risk, and helps calculate appropriate coverage, scope, price, deductible, and more.

Tips for Applying for Cyber Insurance

Although there are many considerations cyber underwriters might take into account when determining your policy scope, businesses can manage an effective, accurate, and transparent process by following these tips, states the aforementioned brief:

  • Compile Accurate Company Data: Insurers depend on detail and accuracy in your application. Businesses can do their due diligence by consulting with IT departments and collecting accurate data, and by quantifying network data and customer information.
  • Be Honest: Companies should be forthright about known information, risks, mitigation procedures, and existing cybersecurity to be granted a suitable policy and avoid risk of a policy being terminated in the future due to inaccurate information.
  • If Your Company Lacks Cybersecurity, Invest in it Before Applying: Not only might many insurers deny your application without cybersecurity, but relying on multifaceted monitoring software empowers your business with full visibility to detect and contain cyber threats before even needing to rely on your insurance policy.

Why Cybersecurity Is Vital to Your Business 

Although cyber insurance is a necessary supplement, no business’ security defense strategy is fully complete without continuous-monitoring cybersecurity software

Full visibility is critical in recognizing threat activity, patterns, and suspicious behaviors, and neutralizing them before hackers have the opportunity to strike. 

Of the 105% surge in ransomware attacks in 2021—costing the world an inconceivable $6 trillion—a “meager 24% of cybersecurity professionals invest in cyberattack prevention,” according to an analysis from Parachute managed IT services. Fifty-six percent of organizations lack an incident response plan altogether, the analysis continues.

During a time when adversaries’ tactics are quickly evolving, it is vital that businesses invest in the cutting-edge cybersecurity technologies available to detect threat penetration and contain it, altogether lessening reactive reliance on solely cyber insurance in the first place. 


Cybersafe Solutions is a state-of-the-art managed security provider, specializing in cyber threat detection, response, and containment, and providing 24/7/365 visibility into your business’ security posture at all times. 

With more than 20 years of experience in the cybersecurity landscape, our expert team of certified specialists utilizes ​​the latest technology to guard against the cyber adversaries that populate the online threat landscape. Contact us today to learn more.