The application is increasingly an audit of your security. Incomplete answers can void the policy.
Do you need it?
- What would a 5-day outage cost you?
- What would notifying customers cost?
- Do any of your customer contracts require cyber insurance?
What good cover usually includes
- Incident response: technical, forensic, legal, PR.
- Business interruption.
- Data restoration costs.
- Customer notification.
- Cyber extortion (with caveats).
- Regulatory fines (where insurable).
Common gaps to ask about
- Social engineering / business email compromise (BEC) fraud.
- Ransom payments.
- Supplier failure.
- State-actor exclusions.
- Retroactive date.
What insurers want before they quote
- MFA on email and admin access.
- Tested, ideally immutable backups.
- EDR (endpoint detection and response) on endpoints.
- Staff training on phishing.
- An incident response plan.
If you make a claim
- Notify within the policy window.
- Use the insurer's panel response provider.
- Keep contemporaneous notes.