
What You Need To Know About Cyber Security Insurance

How to answer cyber security insurance questionnaires, and why insurance companies ask so many questions.

Cyber crime has grown into a $50 billion industry over the last five years. As a result, insurance questionnaires for cyber security have become increasingly complicated to answer. The reason is that cyber crime has recently cost the insurance industry a lot of money, and insurers need to minimize what they pay out in claims.

It is critical to answer all the questions thoroughly and honestly – and never guess. This is because a claim will be immediately denied if you did not provide accurate information in your application.

How a Cyber Security Claim Works

Insurers ask questions to determine what security systems and procedures you are using. An insurance underwriter will use your answers to determine the cyber insurance rate. Often they require you to implement a security service or process before coverage is effective.

Typically, they will review over 100 questions. You should always work with your internal IT Department or outsourced IT Provider to answer the questions together. Often the questions will start a dialog of “Should we have this?” Insurance companies are dictating the new level of technology security because they have to pay the bill.

Common Questions and Why The Insurance Companies Ask Them…

Does the applicant enforce a process for the timely installation of software updates/patches?
This process is critical because updates and patches often fix newly discovered security issues.

Does the applicant have a firewall?
Firewalls have become a necessary device for all businesses. The firewall software should be automatically updated to keep up with the latest threats.

What security controls do you have in place for incoming emails?
Emails can contain malicious attachments or links. Using an AI-based filter will greatly reduce the number of virus-laden emails.

Do you enforce multi-factor authentication for all user accounts?
Multi-factor authentication is a must to protect your business network. All insurance companies are going to require you to implement this security measure.

Do you have any end-of-life or end-of-support software on your network?
Unsupported software can have security issues that will not be fixed, leaving you vulnerable.

What security solutions do you use to prevent or detect malicious activity on your network?
They want to know if you are using business-grade Anti-Virus software. They will even ask for the provider’s name because only a few are acceptable to insurance companies.

Do you have a Security Operations Center (SOC)?
Is a technician checking alerts from your security software? Receiving alerts is useful, but you have to act quickly on high-threat alerts.

Where and how do you back up your data, and is the data encrypted?
Data is what thieves are after: they take it and extort money for its return. Insurance companies want to know that you have an automatic system that backs up your data and stores it in a safe off-site location.

What Your Network Needs

Audit Cloud Environments

Monitor Remote Access

Disable Unnecessary Ports + Protocols

Patch externally facing equipment

One-Time Passwords

Email Code

Biometric Authentication 

Authenticator Apps


Unfortunately, there is no magic solution to protect your systems and data. You must have a comprehensive, multi-layered approach and you need to adjust for the ever-changing challenges and potential threats.


Own IT. Secure IT. Protect IT.

Let’s Talk Managed IT and Cyber Security

We emphasize accountability and the importance of taking proactive steps to enhance cybersecurity in the workplace and at home. Altek can analyze your current infrastructure, network security, and office technology to create a plan that aligns with your company’s needs while staying within a monthly budget.