Cyber Insurance Readiness Assessment
Insurer-perspective gap analysis — shows what underwriters check before you apply. Broker-ready report.
💼 NOT AUTHORISED BY THE FINANCIAL CONDUCT AUTHORITY — AI ASSISTS THE FINANCE TEAM
SummitBridge Horizon is not authorised or regulated by the Financial Conduct Authority (FCA). This product supports the finance team, CFO, and accountant in their work; it is not a substitute for guidance from a qualified finance professional. Any AI output must be reviewed by a qualified finance practitioner before it is acted upon. The AI assists the finance team; it does not replace them.
📋 DORA & FCA — OPERATIONAL RESILIENCE FOR INSURERS
The Digital Operational Resilience Act (DORA) covers insurers and insurance intermediaries since 17 January 2025. The FCA and PRA require UK insurers to maintain operational resilience under SS1/21 and PS6/21. Cyber insurance underwriting now requires demonstrable ICT risk management. Fine: unlimited (FCA enforcement). This assessment aligns with DORA and FCA requirements.
💰 PREMIUMS UP 45% — CLAIMS REJECTED FOR MISSING BASIC CONTROLS
UK cyber insurance premiums increased 45% in 2024. Insurers are tightening policy exclusions and rejecting claims where basic controls were absent at the time of breach — particularly missing MFA, untested backups, and unpatched systems. The underwriting questionnaire has changed significantly. Most businesses answer it without knowing what underwriters are actually looking for.
Know What Underwriters Check — Before They Decline You
Most businesses apply for cyber insurance without understanding what the underwriting process actually assesses. The result: higher premiums, narrower coverage, or policy voidance when a claim is made. This assessment replicates the insurer's perspective — scoring your posture on the 12 factors that most directly influence cyber insurance decisions and pricing.
- MFA Coverage Assessment: The single most important factor in underwriting decisions — where you have it, where you do not, and whether it is properly enforced on privileged accounts
- Backup Verification: Not just "do you have backups" — are they tested, air-gapped or offline, and restorable within your documented RTO?
- Privileged Access Control: Admin credential management — the primary target in ransomware attacks and a critical underwriter concern
- EDR/XDR Coverage: Endpoint Detection and Response — increasingly required by insurers as a condition of coverage, not just recommended
- Email Gateway Controls: Anti-phishing measures — assessed as a direct proxy for BEC and ransomware risk in insurer models
- Patch Management Score: How quickly you apply critical updates — directly correlated with breach probability in actuarial models
- Incident Response Plan: Documented and tested IR plan — underwriters increasingly require evidence of testing, not just existence
- Broker-Ready Security Summary: One-page posture document — hand directly to your broker or underwriter to support your application
- Coverage Gap Map: Which standard policy exclusions most affect your specific risk profile — and what controls close them
💷 THE MATHS
£299 one-time. Insurers increasingly ask for a structured readiness assessment at renewal; whether it moves your premium depends on your insurer, controls and claims history. Claim rejection versus acceptance: the difference between financial recovery and catastrophe following a breach.
📦 Delivery & deliverables
- Turnaround: assessment delivery within 36 business hours after intake completion. Multi-jurisdiction packages: up to 5 business days.
- Sample output: a redacted sample deliverable (report + appendices) is available on request — email [email protected] with the product name.
- Revision & satisfaction: one round of revisions included; if the deliverable does not meet the agreed brief, full money-back refund within the 14-day window.
⚠️ Legal disclaimer (COMPLIANCE): This product is provided for information and compliance documentation only; it is not regulatory advice. Read the full disclaimer below or in our Terms of Service before purchase.
DORA Coverage (Cyber-Insurance Adjacency)
Cyber insurance underwriters increasingly require DORA-aligned evidence from prospective insureds in the EU/UK financial-services supply chain. This readiness pack maps the four DORA audit dimensions:
- DORA Article 5-7 — ICT risk management framework — Risk assessment template aligned with DORA Article 5-7 ICT risk management requirements; risk register linking insurance-relevant risk categories to DORA-defined ICT risk taxonomy
- DORA Article 17-19 — Incident reporting (FCA cadence) — Incident reporting workflow with FCA notification cadence templates; mapping major-incident classification thresholds to insurance notification requirements; reporting window readiness assessment
- DORA Article 24-27 — Operational resilience testing — Resilience testing programme template (TLPT for in-scope entities, vulnerability assessment for all); continuity testing evidence pack for insurer due diligence
- DORA Article 28 — Third-party ICT risk + register — Third-party risk register template, ICT supplier risk classification framework, vendor risk assessment workflow aligned with DORA Article 28
£299.00
One-time payment · No VAT (not registered)
Trust & Delivery
ICO registered ZC112810
UK Information Commissioner's Office data controller registration.
Companies House 16419201
SummitBridge Horizon Ltd — registered 30 April 2025, London.
14-day satisfaction guarantee
See refund policy for full terms.
Sample materials available
Compare with the market
6 direct and adjacent competitors tracked.
| Vendor | Their price | Threat | vs SBH | Their advantages | Our advantages |
|---|---|---|---|---|---|
| Kovrr IL | — | MEDIUM | pricier | — | — |
| Hiscox Cyber GB | — | MEDIUM | pricier | — | — |
| Coalition US | — | MEDIUM | pricier | Carrier + readiness bundled | £299 independent audit · Carrier-agnostic |
| Beazley GB | — | LOW | pricier | — | — |
| Cowbell Cyber US | — | LOW | pricier | — | — |
| At-Bay US | — | LOW | pricier | — | — |
Compliance Snapshot
Regulatory posture for this product — for procurement and security teams.
Conformity scaffold in place — formal record not yet published