Security moment
Cyber insurance renewal questionnaire due?
Your answers are legal statements.
The questionnaire isn't paperwork — it's the document your insurer will re-read after a breach, looking for a reason not to pay. Here's how to answer it accurately, lower your premium, and avoid the gotchas that void claims.
Run a free domain scan See the checklist
Renewal deadline this week? Call ThreeShield: 1-403-538-5053
Before you sign anything
1. Read every attestation as if a claims adjuster will
"Do you use MFA?" means everywhere — including VPN, remote desktop, email, admin accounts, and that one legacy service account nobody talks about. If a single exception exists, say so in writing. A truthful caveat rarely changes your premium; a false "yes" can void your entire claim.
2. Scan your own perimeter before their scanner does
Most carriers run external scans against your domains and price you accordingly. Run your own scan first: exposed RDP, outdated web servers, missing SPF/DKIM/DMARC, and forgotten subdomains all show up. Teams that fix internet-exposed issues before the insurer's scan typically save 10–20% on premiums.
3. Gather evidence for your patching cadence
"We patch within 30 days" needs to be provable, not aspirational. Pull reports showing when critical patches were actually applied across workstations, servers, and third-party apps. If the evidence doesn't match the claim, fix the process or fix the answer.
4. Verify the EDR, backup, and offboarding attestations
Three questions insurers weight heavily: is EDR on every endpoint (check the count, not the intention), are backups tested and kept offline or immutable (a restore test beats a checkbox), and are departing employees' accounts disabled promptly (check your last three offboardings, honestly).
5. Know the gotchas that void claims
The recurring ones: an MFA exception the questionnaire didn't disclose, backups that existed but were never tested, "EDR deployed" on 90% of endpoints when the breach came through the other 10%, and material changes mid-policy that were never reported. If your environment changes after renewal, tell your broker — silence is what adjusters use.
6. Keep your evidence with the policy
File the completed questionnaire alongside the reports that back each answer — scan results, patch reports, MFA coverage exports, backup test logs. If you ever claim, you'll prove your attestations were true when made instead of reconstructing a year-old environment from memory.
Turn next year's questionnaire into an export, not a project
Free domain scan
See your perimeter the way your insurer's scanner does — exposed services, email protections, certificate issues — before it affects your premium.
Scan your domain →Patching for 7,500+ apps
Automated patching with the reports to prove your cadence — the evidence behind the attestation, generated continuously.
Learn more →GRC compliance automation
Lavawall maps your real controls to the questions insurers ask, so attestation evidence is a report you pull, not a scramble you run every renewal.
Learn more →M365 breach detection
Continuous monitoring is increasingly a questionnaire line item of its own. Lavawall covers Microsoft 365 sign-ins, OAuth grants, and configuration changes.
Learn more →Want the questionnaire done right, with proof?
ThreeShield — the CISSP/CISA team that builds Lavawall — completes insurance questionnaires with you, verifies every attestation against your actual environment, and can run a full cybersecurity audit if you'd rather close the gaps before you sign.
Common questions
- What happens if an answer turns out to be wrong?
- Inaccurate attestations are one of the most common reasons claims get denied or policies rescinded after an incident. If you attested to MFA everywhere and the attacker got in through one account without it, expect the insurer to look very hard at that answer. Answer what's true today, not what's planned.
- Why scan our own perimeter before renewal?
- Because your insurer will. Most carriers scan your domains, and internet-exposed issues directly affect your premium and insurability. Teams that fix those issues before the insurer's scan typically save 10–20% on premiums.
- Can someone help us complete the questionnaire accurately?
- Yes — ThreeShield completes questionnaires with you, verifies each attestation against your real environment, and can audit and fix the gaps first if you prefer.