Assess your organisation's cyber readiness before applying for or renewing insurance. This self-check highlights common controls insurers look for:

| Control | Status | Notes | Responsible |
|---|---|---|---|
| MFA for email, VPN, admin portals | Yes / No / Partial | | |
| Backups: Offsite, immutable, tested monthly | Yes / No / Partial | | |
| EDR or Antivirus with alerts | Yes / No / Partial | | |
| Patch Management policy & tracking | Yes / No / Partial | | |
| Privileged access is limited and logged | Yes / No / Partial | | |

| Policy | Status | Notes | Responsible |
|---|---|---|---|
| Cybersecurity Policy is documented and current | Yes / No / Partial | | |
| Incident Response Plan is written and tested | Yes / No / Partial | | |
| Named person responsible for security posture | Yes / No / Partial | | |
| Quarterly phishing training in place | Yes / No / Partial | | |
| Security awareness is part of onboarding | Yes / No / Partial | | |

Note: Insurers may ask for evidence. Prepare documentation, screenshots, or policy excerpts to support your responses.
Not sure how to improve your answers?