What U.S. carriers actually require to write or renew a policy this year. Find your gaps before underwriting does — with an interactive PDF that scores itself as you fill it out.
28 specific questions across 8 categories — covering every control U.S. cyber insurance carriers ask about during underwriting in 2026.
MFA coverage, privileged accounts, password policy, offboarding, local admin rights.
5 itemsEDR deployment, patching cadence, Office macro restrictions, mobile device management.
4 itemsAdvanced phishing protection, SPF/DKIM/DMARC, external email warning banners.
3 itemsAutomated daily backups, offsite or immutable copies, annual restore testing, separated credentials.
4 itemsAnnual security training, quarterly phishing simulations, 30-day new-hire onboarding.
3 itemsNetwork segmentation, modern firewall with IPS, DNS or web filtering at the edge.
3 itemsWritten IR plan, annual tabletop exercise, offline-accessible carrier contacts.
3 itemsHardware and software inventory, third-party risk reviews, documented security policies.
3 itemsBetween 2020 and 2022, cyber insurance carriers paid out billions in ransomware claims. Most weren't sophisticated attacks — they exploited the same handful of basic security gaps over and over: no MFA on remote access, legacy antivirus instead of EDR, backups stored on the same network that got encrypted, untrained employees clicking phishing links.
Carriers responded by tightening underwriting dramatically. In 2026, what used to be a one-page application is now a multi-page security questionnaire. Renewals require evidence — not just attestation — that specific controls are in place. Miss the wrong one and you'll see a non-renewal letter, a 40-60% premium hike, or an outright denial.
This checklist surfaces every control we see carriers ask about in 2026, so you know what you're walking into before you sit down with your broker.
Built to score itself. No software to install, no account to create. Just open it in your PDF viewer and click.
Free download. Works best in Adobe Reader or Acrobat, but opens in any PDF viewer.
Walk through 28 questions. Click each box that applies to your business — it's that simple.
Your score updates automatically with a color-coded grade — Strong Posture, Likely to Qualify, Significant Exposure, or Will Decline.
Built-in email button sends your completed checklist to Trinity for a free, no-pressure gap review.
Trinity built this checklist after years of helping Triad businesses across these industries close the security gaps that cyber insurers — and attackers — look for.
Free. Interactive. No email required. Built for businesses navigating the 2026 cyber insurance market.
Quick answers to what people ask before downloading.
Trinity has been securing Triad businesses since 2003. If your checklist shows gaps and you're not sure where to start, let's talk — no pressure, no obligation.
