Free Cyber Insurance Assessment

Cyber Insurance Readiness Assessment

Free check of the critical controls insurers demand – tailored for Australia and New Zealand

Cyber insurers are tightening requirements. Many will decline cover, impose exclusions, or increase premiums if your business cannot demonstrate basic security controls. This free assessment checks the minimum control requirements that underwriters (including Aon, Marsh, Steadfast, and local NZ insurers) now treat as non‑negotiable.

New Zealand context: References the Privacy Act 2020, NZISM, and expectations of local underwriters (e.g., Vero, AIG, Chubb). Use this assessment to prepare for renewal or to shop for better terms.

Australian context: Aligned with the Privacy Act 1988 (Cth), Notifiable Data Breaches (NDB) scheme, and common insurer application forms. Missing critical controls can lead to claim denial or policy voiding.

This free self‑assessment takes about 6 minutes. You’ll get a “Not Ready / Needs Work / Likely Ready” result, a list of missing critical controls, and a prioritised action plan – no obligation, no credit card required.

Critical control checklist
MFA for all users & admins, EDR on endpoints, immutable/offline backups, patching SLAs, privileged access restriction, DMARC enforcement, incident response plan, and more.
Priority action plan
A ranked list of improvements, with effort estimates (Quick Win / Medium / Project).
Insurer‑specific notes
Guidance on what local underwriters ask for during application and renewal.

Clear readiness rating
Not Ready (Critical gaps) → Needs Work (partial coverage) → Likely Ready (meets minimum expectations).
Private, shareable report
Token‑protected link you can share with your broker, insurer, or internal risk team.
Benchmark comparison
See how your maturity compares to other AU/NZ organisations assessed through this platform.

Start here

Take the assessment

Cyber Insurance Readiness Assessment

Cyber insurers are increasingly scrutinising the security controls of applicants. Businesses that cannot demonstrate basic hygiene face higher premiums, exclusions, or declined applications. Answer honestly based on what is actually in place today — not what is planned.

Takes about 6 minutes

Review your answers

Your snapshot is ready

Enter your details to unlock the full report and recommended next steps.

First name *

Last name *

Work email *

Phone

Company *

Industry

How it works

How the Cyber Insurance Readiness assessment works

Answer 17 plain‑English questions

Four sections: Minimum Controls, Incident Response, Email & Payment Fraud, Governance & Data. Answer based on what’s actually in place.

We identify missing critical controls

Any “No” or “Partially” on a critical question (e.g., MFA on email, EDR, immutable backups) flags a gap that insurers care about.

Get your free readiness report

Enter your email to receive a private report with your rating, missing controls, and recommended actions – share it with your broker.

Cyber Insurance Readiness for AU & NZ

Frequently asked questions

What are the most common cyber insurance requirements in Australia?

Australian insurers (e.g., Aon, Marsh, Steadfast, Chubb) consistently ask for: MFA on all email accounts and remote access, endpoint detection and response (EDR) on all endpoints, immutable or offline backups, patching SLAs (critical within 14 days), restricted privileged access, DMARC enforcement, incident response plan with tested procedures, and security awareness training. Missing any of these can affect cover or premium.

What do New Zealand insurers look for?

NZ insurers (Vero, AIG, Chubb, and local underwriters) largely follow the same global standards: MFA on email and cloud access, EDR on endpoints, offline backups, patching processes, and DMARC. They also ask about compliance with the Privacy Act 2020 – particularly breach notification readiness. This assessment covers all of those points.

If I miss a critical control, will my claim be denied?

It depends on your policy wording. Many policies have “warranty” clauses or “reasonable security” conditions. If you claim after an incident that exploited a control you warranted you had in place (e.g., MFA on email), the insurer may deny the claim. Use this assessment to identify gaps before you need to claim.

What does “immutable backup” mean – and do I really need it?

Immutable backups cannot be deleted or encrypted by ransomware – they are stored with object lock or offline media. Most insurers now require at least one immutable or offline copy because ransomware routinely targets and deletes online backups first. Without it, a claim for ransomware recovery may be reduced or denied.

How quickly do I need to apply patches to satisfy insurers?

Critical security patches should be applied within 14 days of release. High‑severity within 30 days. Your patching SLA should be documented and monitored. Insurers ask for evidence of tracking.

I already have cyber insurance – should I still take this assessment?

Yes. Your policy may have changed at renewal, or new requirements may have been introduced. Taking the assessment helps you stay ahead of upcoming renewals and avoid surprises when you claim.

Can I share this report with my insurance broker?

Absolutely. The report is designed to be broker‑friendly. It clearly lists missing critical controls and gives a readiness rating. Your broker can use it to negotiate better terms or to confirm that you meet underwriter expectations.

Do you help businesses fix the gaps identified?

Yes. KIS provides remediation support – from quick wins (enabling MFA, configuring DMARC) to larger projects (EDR deployment, backup immutability, incident response plan testing). Contact our team – we can start with this free assessment to scope the work.