Cyber Insurance Renewal · Attestation Pre-Check

Will your cyber insurance renewal survive the underwriter's questions?

Free check of your cyber insurance requirements against the controls UK underwriters now require (MFA, EDR and immutable backups) before you sign the proposal form. See your named gaps. We sell no insurance and take no broker commission.

Frequently asked questions

What do underwriters require for cyber insurance?

UK underwriters now treat a core set of controls as conditions of cover rather than nice-to-haves: multi-factor authentication on email, remote access and admin accounts, endpoint detection and response, and immutable or offline backups. Misstating them on the proposal form can void a claim. This tool checks you against those requirements before you sign.

What is the difference between cyber insurance and cyber liability insurance?

They are used interchangeably. Cyber liability insurance, cyber security insurance and cyber insurance all describe cover for the costs of a cyber incident: response, recovery, business interruption and third-party claims. Whatever the policy is called, the underwriting questions about your controls are broadly the same, and this check maps to them.

Do I need cyber insurance?

If a ransomware event or data breach would seriously disrupt your business or trigger regulatory and customer obligations, cover is worth pricing. But insurers will only offer sensible terms if your controls are in place. Run this check first: it tells you whether you are insurable on good terms, and what to fix if you are not.

Is this the insurer's proposal form?

No. This is a private dry run, not an application. Nothing you enter is sent to an underwriter or broker. You answer the same kind of questions a strict cyber insurance proposal form asks, see where you would struggle, and fix the gaps before any of it becomes a binding legal warranty.

Why does a control I cannot back up matter?

On a cyber insurance proposal form, every control you tick becomes a warranty. Industry data suggests roughly a third of denied claims trace to controls that were attested on the application but not maintained in practice, most often an incomplete MFA rollout. If a claim turns on a control you claimed but cannot evidence, the insurer can reduce or refuse the payout.

Which controls matter most?

Three are now close to mandatory before an underwriter will quote: multi-factor authentication enforced everywhere, endpoint detection and response (EDR or MDR) on every machine, and immutable, tested backups. A 'no' on any of these is treated as a likely decline or a major loading, regardless of how strong the rest of your answers are.

Will the underwriter actually check my answers?

Increasingly, yes. UK underwriters now verify proposal-form answers against external data before binding: external attack-surface and Shodan-style scans, DMARC records, exposed login panels and dark-web credential monitoring. Roughly three in four run an external scan as part of underwriting. The supplemental is treated as a contractual representation, so an answer the scan contradicts can cost you cover. Answer only what you could evidence.

Will this cut my premium?

Closing the gaps it finds can. Rates are softening, but only for clean risks: underwriters reserve the discounts for organisations that can evidence the controls. We sell no insurance and take no broker commission, so we have no financial stake in the verdict.

What should I check in the policy itself, not just my controls?

Look past the headline limit. Ransomware, business email compromise and funds-transfer fraud, regulatory defence and contingent business interruption usually carry separate sublimits well below it; ransomware increasingly carries coinsurance (you share the loss); and standalone cyber policies now carry a state-backed-attack exclusion whose specific clause version matters at claim time. Confirm your notification window too, because late notice is a leading denial reason. This check ends with a short coverage-structure list to take to your broker.

Is this a substitute for a broker or a security audit?

No. It is the readiness check you do first. A broker places the policy and an auditor tests your estate. This tells you, privately and in the underwriter's own language, whether you are ready to attest, before you sign anything.

What do you get?

You answer across the seven control areas an underwriter now probes and receive a renewal verdict, the specific gaps an underwriter would price or decline on, a prioritised list of what to fix before you sign the proposal form, and a short coverage-structure checklist to pressure-test the policy itself with your broker.