Domain 10 Layer 5 — Risk Transfer

Cyber Insurance Readiness

Cyber insurance does not pay out because you have a policy. It pays out because you can prove the controls were in place. Underwriters are denying claims and canceling policies for organizations that cannot demonstrate MFA, EDR, patching, and backup hygiene. Domain 10 ensures every control the carrier requires is documented, operational, and defensible.

  • 62%: Premium Increase Since 2020
  • MFA: #1 Claim Denial Reason
  • $4.5M: Avg. Ransomware Cost
  • 9: Domains That Reduce Your Premium

Having a Policy Is Not the Same as Being Covered

The cyber insurance market has fundamentally changed. Carriers that once issued policies based on a one-page questionnaire now conduct detailed underwriting reviews — and they are denying claims when the controls attested to on the application don’t match reality at the time of the incident. Paying premiums for years provides no protection if the claim gets denied because MFA wasn’t enforced on privileged accounts or backups weren’t tested.

Premium costs have increased 62% since 2020, coverage limits are tightening, and exclusions are expanding. Organizations with strong, documented security postures are getting better rates and higher coverage limits. Organizations that cannot demonstrate their controls are getting declined — or discovering after an incident that their policy doesn’t cover what they thought it did.

$0 Paid Out — On a Denied Claim

Carriers are denying ransomware claims when organizations cannot prove the controls they attested to were actually in place. MFA not enforced. Backups not tested. EDR not deployed. The policy existed. The premium was paid. The claim was denied. Domain 10 makes sure that never happens to your client.

  • 62%: Average Premium Increase Since 2020
  • 3 in 10: Claims Disputed or Denied at Least Partially
  • 30–40%: Premium Reduction Possible With Strong Controls
Unready Organization
  • MFA not enforced on privileged accounts
  • Backups exist but have never been tested
  • No EDR — antivirus only on endpoints
  • Application questionnaire filled out from memory
  • No documented IR plan or tested procedures
  • Patch cadence unknown — no centralized visibility
  • High premiums, lower limits, broader exclusions
NSUIF-Ready Organization
  • MFA enforced everywhere — documented and auditable
  • Backups tested quarterly with documented results
  • EDR deployed on every managed endpoint
  • Application supported by evidence, not attestation alone
  • IR plan documented, tested, and ready to execute
  • Full patch visibility — every device current and tracked
  • Lower premiums, higher limits, favorable terms

The Controls Carriers Are Checking

Cyber insurance underwriters have converged on a core set of technical controls that they expect to see in place before issuing coverage — and verify at claim time. These are not aspirational. They are pass/fail requirements that determine whether a policy is issued and whether a claim is paid.

Six controls underwriters check at application and at claim time

Each maps directly to a NSUIF domain, meaning an organization that has completed the framework already holds documented evidence for every requirement.

Domain 4 — Identity

MFA on All Privileged Access

Multi-factor authentication enforced on admin accounts, remote access, and email. The single most common reason claims are denied when not present.

Domain 6 — Endpoint

EDR on All Endpoints

Behavioral endpoint detection on every managed device. Carriers distinguish between AV and EDR — AV-only environments face higher premiums or declination.

Domain 5 — Monitoring

Tested Backups With Documented Recovery

Backups that exist but have never been tested are treated as no backups by underwriters. Quarterly tested, air-gapped backups with documented RTO/RPO are required.

Domain 6 — Endpoint

Patch Management Program

Documented patch cadence with centralized visibility into compliance. Critical patches applied within 30 days — evidence required, not just attestation.

Domain 5 — Monitoring

Incident Response Plan

A documented IR plan that has been exercised within the past 12 months. Untested plans are insufficient — carriers want to see tabletop exercise documentation.

Domain 3 — Security

Email Security and Filtering

Anti-phishing, DMARC, and advanced email filtering in place. Email is the #1 initial access vector — carriers weight email security heavily in underwriting.
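The six controls above are pass/fail at application and at claim time, so the useful artifact is a repeatable check that runs against exported inventory data and records the evidence alongside each verdict. The following is an added example, not NetSphere's or NSUIF's own tooling. It assumes a simple inventory shape (account, endpoint, backup, IR and email records as Python dicts; real data would be exported from the identity provider, EDR console, patch dashboard, backup system and DNS), uses the thresholds stated on this page (critical patches within 30 days, backups tested quarterly, IR plan exercised within 12 months), and treats a DMARC policy of `p=none` as not yet "in place" because it only monitors, which is this example's interpretation rather than a stated carrier rule. The sample inventory is constructed.

```python
"""Carrier-control readiness check (added example; constructed sample data)."""
from dataclasses import dataclass
from datetime import date

# Thresholds taken from the control descriptions on this page.
CRITICAL_PATCH_MAX_DAYS = 30   # critical patches applied within 30 days
BACKUP_TEST_MAX_DAYS = 90      # quarterly restoration tests
IR_EXERCISE_MAX_DAYS = 365     # tabletop within the past 12 months


@dataclass
class Finding:
    control: str
    domain: str
    passed: bool
    evidence: str   # the sentence you would put in the underwriter package


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record such as 'v=DMARC1; p=reject; rua=...' into tags."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def check_privileged_mfa(inv, today):
    # Domain 4: every privileged account (admin, service, remote access) must enforce MFA.
    in_scope = [a for a in inv["accounts"] if a["privileged"]]
    missing = sorted(a["name"] for a in in_scope if not a["mfa_enforced"])
    evidence = f"{len(in_scope) - len(missing)}/{len(in_scope)} privileged accounts enforce MFA"
    if missing:
        evidence += "; missing: " + ", ".join(missing)
    return Finding("MFA on all privileged access", "Domain 4", not missing, evidence)


def check_edr(inv, today):
    # Domain 6: behavioural EDR agent present on every managed endpoint; report the coverage %.
    managed = [e for e in inv["endpoints"] if e["managed"]]
    covered = [e for e in managed if e["edr_agent"]]
    pct = 100 * len(covered) // len(managed) if managed else 0
    return Finding("EDR on all endpoints", "Domain 6", len(covered) == len(managed),
                   f"EDR coverage {pct}% ({len(covered)}/{len(managed)} managed endpoints)")


def check_backups(inv, today):
    # Domain 5: a recent successful restore test, an air gap, and documented RTO/RPO.
    b = inv["backups"]
    last = b.get("last_successful_restore_test")
    age = (today - last).days if last else None
    tested = age is not None and age <= BACKUP_TEST_MAX_DAYS
    documented = b.get("rto_hours") is not None and b.get("rpo_hours") is not None
    return Finding("Tested backups with documented recovery", "Domain 5",
                   tested and b["air_gapped"] and documented,
                   f"last successful restore test {age} days ago; air_gapped={b['air_gapped']}; "
                   f"RTO={b.get('rto_hours')}h RPO={b.get('rpo_hours')}h")


def check_patching(inv, today):
    # Domain 6: no managed endpoint with a missing critical patch older than 30 days.
    managed = [e for e in inv["endpoints"] if e["managed"]]
    overdue = sorted(e["hostname"] for e in managed
                     if e["oldest_missing_critical_days"] is not None
                     and e["oldest_missing_critical_days"] > CRITICAL_PATCH_MAX_DAYS)
    evidence = f"{len(managed) - len(overdue)}/{len(managed)} managed endpoints within {CRITICAL_PATCH_MAX_DAYS} days"
    if overdue:
        evidence += "; overdue: " + ", ".join(overdue)
    return Finding("Patch management program", "Domain 6", not overdue, evidence)


def check_ir_plan(inv, today):
    # Domain 5: written plan plus a tabletop exercise inside the last 12 months.
    ir = inv["incident_response"]
    last = ir.get("last_tabletop")
    age = (today - last).days if last else None
    ok = ir["plan_documented"] and age is not None and age <= IR_EXERCISE_MAX_DAYS
    return Finding("Incident response plan", "Domain 5", ok,
                   f"plan documented={ir['plan_documented']}; last tabletop {age} days ago")


def check_email_security(inv, today):
    # Domain 3: DMARC published at an enforcing policy (example's assumption) plus phishing filtering.
    em = inv["email"]
    tags = parse_dmarc(em.get("dmarc_record", ""))
    dmarc_ok = tags.get("v") == "DMARC1" and tags.get("p") in ("quarantine", "reject")
    return Finding("Email security and filtering", "Domain 3",
                   dmarc_ok and em["phishing_filter_enabled"],
                   f"DMARC policy={tags.get('p', 'absent')}; phishing filter={em['phishing_filter_enabled']}")


CHECKS = [check_privileged_mfa, check_edr, check_backups,
          check_patching, check_ir_plan, check_email_security]


def assess(inv, today):
    """Run all six carrier checks and return the findings with their evidence strings."""
    return [check(inv, today) for check in CHECKS]


def readiness(findings):
    """Collapse findings to a control -> pass/fail map, the shape an application needs."""
    return {f.control: f.passed for f in findings}


# Constructed sample inventory: deliberately mixes passing and failing controls.
SAMPLE_TODAY = date(2025, 1, 15)
SAMPLE_INVENTORY = {
    "accounts": [
        {"name": "alice", "privileged": True, "mfa_enforced": True},
        {"name": "svc-backup", "privileged": True, "mfa_enforced": False},
        {"name": "bob", "privileged": False, "mfa_enforced": False},
    ],
    "endpoints": [
        {"hostname": "ws-01", "managed": True, "edr_agent": True, "oldest_missing_critical_days": 12},
        {"hostname": "ws-02", "managed": True, "edr_agent": True, "oldest_missing_critical_days": None},
        {"hostname": "srv-01", "managed": True, "edr_agent": False, "oldest_missing_critical_days": 45},
        {"hostname": "lab-box", "managed": False, "edr_agent": False, "oldest_missing_critical_days": None},
    ],
    "backups": {"last_successful_restore_test": date(2024, 12, 20), "air_gapped": True,
                "rto_hours": 8, "rpo_hours": 24},
    "incident_response": {"plan_documented": True, "last_tabletop": date(2024, 6, 3)},
    "email": {"dmarc_record": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
              "phishing_filter_enabled": True},
}

if __name__ == "__main__":
    for f in assess(SAMPLE_INVENTORY, SAMPLE_TODAY):
        print(f"[{'PASS' if f.passed else 'FAIL'}] {f.domain}: {f.control} -- {f.evidence}")
```

On the constructed inventory the MFA, EDR and patching checks fail (one service account without MFA, one server without an agent and with a 45-day-old critical patch) while backups, IR and email pass; the evidence strings name the specific accounts and hosts, which is what closes the gap between attestation and reality at claim time.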

Common Gaps in This Domain

Insurance readiness assessments almost always reveal a gap between what was attested on the application and what is actually deployed and documented. That gap is where claims get denied.


Application Filled From Memory, Not Evidence

The cyber insurance application answered based on what IT believes is true, not what is documented and verifiable. When a claim is filed, the carrier investigates. Gaps between attestation and reality at claim time are the basis for denial.


Backups That Have Never Been Tested

Backup jobs running for years with no documented restoration test. Carriers treat untested backups as no backups. A ransomware event that triggers recovery reveals the backup has been failing silently — at exactly the worst moment.


MFA Gaps on Privileged Accounts

MFA enforced on standard user accounts but not on service accounts, admin accounts, or remote access. Carriers specifically check privileged account MFA — partial deployment doesn’t satisfy the requirement and won’t satisfy a claim review.


No Documentation of Controls

Controls that exist but are not documented. Patching happens but no centralized dashboard shows compliance. EDR is deployed but no report shows coverage percentage. At claim time, undocumented controls are treated as absent controls.


Policy Limits and Exclusions Not Reviewed Annually

Coverage purchased three years ago against a threat landscape that has changed dramatically. Limits that made sense then are inadequate now. Exclusions added at renewal that nobody noticed — including war exclusions, infrastructure exclusions, and sub-limits on ransomware.

A Defensible, Documented Security Posture at Every Renewal

Domain 10 is where the other nine domains pay off. Every control implemented across the NSUIF framework generates documentation that supports the insurance application, satisfies underwriter requirements, and provides evidence at claim time. An organization that has completed the full NSUIF assessment has built exactly the security posture that carriers reward with better rates and higher limits.

  • Insurance application support — every underwriting requirement mapped to a NSUIF domain with documented evidence, not attestation alone
  • Backup testing program — documented quarterly restoration tests with RTO/RPO metrics that satisfy carrier requirements and demonstrate actual recovery capability
  • MFA coverage audit — complete inventory of all accounts and access points, with MFA deployment confirmed and documented on privileged accounts and remote access
  • Control documentation package — organized evidence file covering EDR deployment, patch compliance, email security, SIEM coverage, and access control for underwriter review
  • IR plan documentation and tabletop — incident response procedures written, exercised, and documented within the past 12 months, satisfying the requirement carriers most commonly cite
  • Policy review and gap analysis — annual review of coverage limits, exclusions, and sub-limits against current threat environment and organizational risk profile
  • Premium optimization — documented posture presented to multiple carriers through the broker channel to achieve the most favorable terms available in the market

Insurance Readiness Through the Full NSUIF Stack

Domain 10 is not a standalone service — it is the outcome of having completed Domains 1 through 9. Every technical control implemented through the NSUIF framework contributes directly to insurance readiness. NetSphere coordinates the documentation, supports the application process, and connects clients with cyber insurance brokers who understand what a well-documented security posture is worth at renewal.

Cyber Insurance Brokers

Specialist brokers who understand technical security posture and can present documented NSUIF controls to carriers to achieve favorable underwriting terms and premium reduction.

Control Documentation Services

Evidence compilation and organization — pulling together EDR reports, MFA coverage data, patch compliance dashboards, and backup test logs into an underwriter-ready package.

IR Plan and Tabletop Services

Incident response plan development and tabletop exercise facilitation — producing the documented, exercised IR program that carriers now specifically require at application.

Backup and Recovery Testing

Managed backup testing programs with documented results — quarterly restoration tests, air-gap verification, and RTO/RPO documentation satisfying carrier requirements.

The NSUIF Framework Is Complete.
Now Put It to Work.

Ten domains. Every layer of the infrastructure assessed, documented, and modernized. The result is a security posture that reduces risk, satisfies insurance underwriters, and positions your organization to operate with confidence. Start with the free assessment.

Request Your Free NSUIF Assessment