By Ryan Windt | Head of Growth Marketing | Updated June 2026
For most of the last decade, cyber underwriting focused almost entirely on what was inside your own walls: your MFA, your backups, your endpoint protection. That made sense when most attacks targeted the insured directly. It makes much less sense now, when some […]
Category: Security Controls & Compliance
By Ryan Windt | Head of Growth Marketing | Updated June 2026
Most controls underwriters check are about keeping attackers out. Logging and monitoring is different. It is the control that determines what happens once someone gets in, and increasingly it is the one that separates a contained incident from a catastrophic claim. When forensics […]
By Ryan Windt | Head of Growth Marketing | Updated June 2026
When a business tells a cyber underwriter “we follow NIST,” that sentence does almost nothing on its own. Underwriters do not price policies on framework names. They price on the specific controls a framework produces and on whether you can prove those controls […]
By Ryan Windt | Head of Growth Marketing | Updated June 2026
Zero trust is not a product. It is not a certification. And it is not something you either have or do not have. It is an architecture philosophy built on one principle: no user, device, or system should be trusted by default, regardless […]
By Ryan Windt | Head of Growth Marketing | Updated June 2026
Ransomware works by spreading. An attacker gains initial access through a phishing email, a compromised credential, or an unpatched vulnerability, and then moves laterally through the network looking for systems to encrypt, data to exfiltrate, and backups to destroy. The faster they can […]
By Ryan Windt | Head of Growth Marketing | Updated June 2026
Vulnerability management doesn’t generate headlines the way ransomware does. It’s not a flashy control. But ask any underwriter what they’re looking at when a claim comes in, and unpatched systems appear near the top of the list. Carriers have paid out enough claims […]
By Ryan Windt | Head of Growth Marketing | Updated June 2026
Every cyber insurance application asks about security controls. The questions vary by carrier, but the controls they care about most have been largely consistent for the past three years: MFA, EDR, immutable backups, email security protocols, privileged access management, and incident response capabilities. […]
By Ryan Windt | Head of Growth Marketing | Updated June 2026
Tech companies and SaaS businesses working toward SOC 2 compliance tend to ask a version of the same question at some point: if we have SOC 2, do we still need cyber insurance? The short answer is yes. But the more useful answer […]
By Ryan Windt | Head of Growth Marketing | Updated May 2026
Most businesses set up email and never think about it again. The domain works. Mail goes out. Replies come back. That is the entire mental model. It is also why email remains the entry point for the majority of cyber insurance claims filed […]
By Ryan Windt | Head of Growth Marketing | Updated May 2026
If you have filled out a cyber insurance application in the last 12 months, you have seen the credential and access control questions getting longer. Two years ago, underwriters wanted to know if you had MFA on email and remote access. A year […]
By Ryan Windt | Head of Growth Marketing | Updated May 2026
If you have filled out a cyber insurance application in the last two years, you have seen the EDR question. It shows up in different forms depending on the carrier, but the intent is always the same: do you have endpoint detection and […]
By Ryan Windt | Head of Growth Marketing | Updated June 2026
If you have read anything about qualifying for cyber insurance in the last two years, you have seen the phrase “immutable backups” somewhere in the requirements list. It appears in underwriting questionnaires, in policy conditions, in carrier declination letters, and in post-incident forensic […]
By Ryan Windt | Head of Growth Marketing | Updated June 2026
The businesses that come through a cyber incident in one piece are almost never the ones with the best technology. They are the ones who decided who does what before the phone ever rang. When ransomware hits or a fraudulent wire goes out, […]
By Ryan Windt | Head of Growth Marketing | Updated June 2026
Multi-factor authentication is the single control that appears on every cyber insurance application, every underwriting questionnaire, and every carrier declination letter when it is missing. It is also the control that generates the most confusion when businesses actually try to implement it. What […]
By Ryan Windt | Head of Growth Marketing | Updated June 2026
Most businesses treat cyber insurance renewal the same way they treat renewing a lease: sign the paperwork, hope the rate does not jump too much, and move on. That approach is leaving money on the table and, in some cases, creating coverage gaps […]
By Ryan Windt | Head of Growth Marketing | Updated May 2026
Executive Summary: PCI DSS v4.0 has been fully in effect since March 2025. Organizations that have not yet addressed the payment-page script controls, expanded MFA requirements, and Targeted Risk Analysis framework are now operating out of compliance, and that gap shows up directly […]