Skip to content

July 13, 2026GuideEducational resource

Cyber insurance evidence guidance for brokerages.

A practical way to organize common readiness records before a broker or carrier asks about access, backups, training, vendors, policies, and response planning.

Why this matters

A brokerage may have many useful security practices in place and still struggle to locate the supporting record during renewal. The operational problem is usually not one missing document. It is that screenshots, policies, training records, vendor notes, and ownership details live in different places.

An evidence list helps the team separate what is already documented, what needs an update, and what requires help from an IT provider, broker, carrier, or another qualified professional.

What to organize

Build a record around the topics your team can maintain.

The exact questions and requested materials vary. Use this as an internal preparation list, then follow the instructions provided by your broker or carrier.

  • Multi-factor authentication

    Record where MFA is enabled for email, administrative accounts, transaction tools, and other important systems.

  • Backups and recovery

    Keep the latest backup status and any available restore-test record or provider confirmation.

  • Training and acknowledgment

    Maintain completion records for security and wire-verification awareness.

  • Administrative access

    Keep a current list or review record for people with elevated access.

  • Vendors and data access

    Document important service providers, the access they receive, and the internal owner.

  • Policies and response contacts

    Keep current access, password, AI usage, wire-verification, and response documents together.

Practical starting point

A calm renewal-preparation sequence.

  1. 01

    Collect the current questionnaire

    Use the actual broker or carrier request as the source for what is required.

  2. 02

    Name an owner for every topic

    Assign the person who can answer, locate the record, or coordinate with a provider.

  3. 03

    Link the supporting record

    For each answer, point to the policy, screenshot, report, acknowledgment, or provider note that supports it.

  4. 04

    Mark gaps without guessing

    Separate missing, stale, and provider-owned items instead of overstating what is in place.

  5. 05

    Review with the right professionals

    Use the organized record to support conversations with your broker, carrier, IT provider, and other advisors.

Sources and limitations

This guide provides documentation support. It does not predict eligibility, coverage, pricing, or a carrier decision. Carriers and brokers use their own questions and processes. Follow their current instructions and review material answers with qualified professionals.

  1. 01

    Federal Trade Commission: Cybersecurity for Small Business. General guidance covering access, MFA, vendors, and incident planning.

  2. 02

    Federal Trade Commission: Start with Security: A Guide for Business. Practical lessons on data minimization, access, authentication, service providers, and keeping security current.

  3. 03

    National Institute of Standards and Technology: Cybersecurity Framework. A voluntary framework for organizing cybersecurity outcomes and communicating risk.

  4. 04

    Cybersecurity and Infrastructure Security Agency: Cyber Essentials. Practical starting points for leaders building an organizational security program.

Published July 13, 2026. Last reviewed July 13, 2026.

Next step

Turn what you learned into one next action.

Run the readiness check, see your current picture, and organize the supporting work in the Index8 workspace.