Cyber Insurance Requirements for Small Businesses: What Carriers Actually Look For
For small and mid-sized businesses, securing cyber insurance is no longer as simple as filling out a one-page questionnaire. Over the past few years, ransomware claims and business email compromise (BEC) attacks have skyrocketed, forcing insurance underwriters to tighten policies.
Today, insurance carriers are not just pricing risk—they are actively auditing security controls. If your organization lacks key defenses, you will be denied coverage outright.
To help you secure coverage and minimize your premiums, this guide details the exact cyber insurance requirements that underwriters look for from small businesses in today’s market, the controls they mandate, and how to verify your organization’s readiness.
Why Underwriters Focus on Small Business Controls
Small businesses are often targeted by attackers because they historically lack dedicated security teams or centralized monitoring. Because a single breach can result in hundreds of thousands of dollars in containment, legal, and business interruption costs, carriers now require verification of specific controls before they will underwrite a policy.
When evaluating your application or renewal, carriers review your overall alignment with cyber insurance cybersecurity requirements. These requirements act as a filter to ensure your organization is a “defensible risk.”
The Cyber Insurance Readiness Checklist
While every carrier has its own specific questionnaire, major insurance groups like Coalition and security researchers like eSentire have standardized the controls that underwriters require.
Use this cyber insurance readiness checklist to audit your security posture:
1. Multi-Factor Authentication (MFA)
MFA is the single most important control to secure coverage. Underwriters mandate that MFA be enforced for:
- All Email Portals: Microsoft 365, Google Workspace, and email clients.
- Remote Access: Any VPN connections, firewalls, and remote access systems.
- Administrative Accounts: Any privileged logins on servers, Active Directory, and cloud management consoles.
2. Endpoint Detection and Response (EDR)
Standard, signature-based antivirus is no longer considered sufficient. Carriers require EDR for cyber insurance because traditional AV cannot detect fileless malware or living-off-the-land techniques. EDR agents monitor process activity, file execution, and network connections in real time, alerting teams to anomalous behavior.
3. Managed Detection and Response (MDR)
While having EDR is a start, underwriters increasingly expect MDR for cyber insurance. Having an EDR tool does not help if an alert triggers at 2:00 AM on a Saturday and goes unnoticed. MDR combines EDR tooling with a 24/7 Security Operations Center (SOC) capable of isolating compromised devices immediately.
4. Isolated, Immutable Backups
Ransomware groups actively target backups to prevent organizations from recovering on their own. Underwriters verify that your backups are:
- Separated: Housed on a separate directory or network segment.
- Immutable: Configured using Write-Once, Read-Many (WORM) storage.
- Tested: Validated through regular restoration exercises.
5. Documented Incident Response Plan (IRP)
If a breach occurs, the carrier wants to know you can contain the damage. You must have a written, actionable IRP that details communication trees, escalation roles, and pre-arranged external contacts (including legal counsel, insurance brokers, and digital forensics providers).
[!TIP] Check Your Insurability Instantly: Before applying or renewing, use our interactive Cyber Insurance Eligibility Estimator to calculate your insurability score out of 100, identify critical gaps, and receive a prioritized remediation list.
What Major Carriers and Providers Look For
Different insurance carriers and advisors emphasize different layers of the security stack. Understanding these requirements helps you align with their expectations:
Coalition’s Insurance Controls Focus
As a leading cyber insurance provider, Coalition highlights several baseline controls as critical for small businesses:
- Strong Password Policies: Enforced complexity, length, and password manager usage.
- Antivirus & EDR: Active agents on all servers and workstations.
- Firewall Infrastructure: Correctly configured external firewalls with restricted administrative access.
- Incident Response Playbooks: Documented procedures to address business email compromise or ransomware.
eSentire’s Extended Security Standard
For organizations seeking higher liability limits or preferred rates, eSentire outlines a more comprehensive set of underwriter expectations:
- MDR & NDR (Network Detection & Response): Continuous network and endpoint monitoring to detect lateral movement.
- Vulnerability Management: Consistent internal/external scanning with documented patching timelines (remediating critical vulnerabilities within 14–30 days).
- Phishing Simulation Training: Ongoing awareness training for all staff with simulated email tests.
- SIEM & Log Management: Centralized logging of security events to facilitate forensic reviews.
- Security Leadership: Access to dedicated cybersecurity governance, such as a Fractional CISO.
- Annual Risk Assessments: Formally documented risk reviews showing regular oversight.
Action Plan for Your Next Renewal
Do not wait until your broker sends you your renewal packet to start reviewing these controls. Security improvements take time to implement and verify.
- Conduct a Gap Assessment (90 Days Out): Work with your IT team or MSP to evaluate your environment against current underwriting requirements.
- Implement Missing Controls: Prioritize MFA enforcement and 24/7 endpoint monitoring (MDR). Lacking these will block your application.
- Audit Your IT Assets: Make sure every server, workstation, and SaaS account is accounted for and secured.
By presenting underwriters with a documented, framework-aligned security posture, you demonstrate that your business is a high-quality risk, giving your broker the leverage needed to negotiate better coverage limits and lower premiums.
Secure Your Coverage with THOR
Underwriting questionnaires can be complex and technical. The THOR team helps small businesses audit their controls, remediate security gaps, and prepare documentation that underwriters expect.
Are you preparing for an upcoming cyber insurance application or renewal? Schedule a cyber insurance readiness review with a THOR advisor to ensure your controls meet carrier standards.