The evidence binder your broker is asking for.
Underwriters want proof, not promises. Our infrastructure produces the control documentation that gets you covered — and keeps premiums from climbing.
What underwriters actually want.
Cyber insurance underwriting has fundamentally changed. Where applications once asked “Do you have a firewall?” (yes/no), modern questionnaires demand specific technical controls with evidence of implementation. Underwriters now employ technical scanning and require attestations about specific security configurations.
The controls insurers consistently require include: email authentication (SPF, DKIM, DMARC), encryption in transit (TLS 1.2+, HSTS), vulnerability management (patch currency, scanning), and DNS security (DNSSEC, proper configuration). These aren’t optional — carriers now decline coverage or exclude claims for organizations missing these basics.
More critically, insurers are denying claims post-breach when they discover that attested controls weren’t actually operating. A 2024 Coalition report found that organizations with verified email authentication pay 25% lower premiums and experience 30% fewer claims. The ROI on provable security is measurable.
PrismWeb’s sixteen checks map directly to the questions on major carrier applications (Coalition, Corvus, At-Bay, Resilience, Cowbell). We don’t just help you answer “yes” — we produce the evidence that survives a claims investigation.
Controls that affect your premium.
| Check | Insurer Requirement | Premium Impact |
|---|---|---|
| DNSSEC | DNS security configuration | Moderate — differentiator |
| SSL/TLS | Encryption in transit (mandatory) | High — coverage requirement |
| Enhanced HTTPS | HSTS, forced encryption | Moderate — premium reduction |
| Enhanced TLS | TLS 1.2+ minimum, strong ciphers | High — coverage requirement |
| Certificate Validation | Valid certificates, proper trust chains | Moderate — basic hygiene |
| Security Headers | Application hardening controls | Moderate — differentiator |
| SPF | Email authentication (mandatory) | Critical — often required for coverage |
| DKIM | Email authentication (mandatory) | Critical — often required for coverage |
| DMARC | Email policy enforcement (mandatory) | Critical — claims denied without it |
| MTA-STS | Email encryption enforcement | Moderate — advanced differentiator |
| TLS-RPT | Security monitoring and reporting | Low — demonstrates maturity |
| IP Abuse | Reputation/blacklist monitoring | Moderate — incident indicators |
| WordPress Detection | Patch management, vulnerability tracking | High — outdated CMS is a red flag |
| Website Scanning | Regular security assessment | Moderate — continuous monitoring |
| IPv6 | Infrastructure modernization | Low — demonstrates investment |
| RPKI | Network routing protection | Low — advanced differentiator |
What we hand your broker.
Pre-answered responses for common carrier questionnaires (Coalition, Corvus, At-Bay, Resilience) with supporting evidence for each attestation. Your broker gets documentation, not just checkboxes.
A current-state security assessment showing all sixteen checks, their status, and trending data. Underwriters love trending data — it shows controls operate over time, not just on the day you applied.
If you ever need to file a claim, timestamped evidence that controls were operating at the time of the incident. Insurers can’t deny claims for “failure to maintain controls” when you have continuous verification records.
Annual renewal packages showing security posture improvements, maintained controls, and any incidents with documented remediation. The data that keeps premiums from escalating at renewal.
Documentation your broker can use to negotiate lower premiums based on verified security controls. Organizations with our level of email authentication and encryption verification typically qualify for preferred rates.
Get covered faster. Pay less when you do.
Your broker needs evidence, your underwriter needs confidence, and your claims team needs proof. Our infrastructure produces all three — automatically.