Mako Logics

Cyber insurance questionnaire support.

Accurate answers. Documented evidence. Better premiums. Fewer denials at claim time. Houston-based engineers fill in the technical sections in your voice — so your broker gets a defensible application instead of a liability.

The problem most businesses don’t see coming

Cyber-insurance questionnaires are written by underwriters, not IT people. They ask 80+ technical questions about your identity, endpoint, network, backup, and incident-response posture — and every wrong answer does one of two things: raises your premium, or creates a denial path at claim time.

Most businesses answer the questionnaire themselves, in good faith, and get some of it wrong — usually by over-stating a control that’s partially in place. When a claim happens, the carrier reviews the original application, finds the gap, and denies the claim. We’ve watched it happen. This service exists so it doesn’t happen to you.

What the questionnaire actually asks

Five control areas. Eighty-plus specific questions.

Every major cyber-insurance questionnaire we’ve seen drills into these five domains. Here’s a sample of the specifics.

Identity & Access

  • MFA on all remote access, email, admin accounts, and privileged systems
  • Conditional access and geo-restriction policies
  • Privileged-access management (PAM) or admin-account separation
  • Service-account inventory and rotation cadence

Endpoint & Network

  • EDR / MXDR deployed and monitored 24/7
  • Patch cadence for operating systems, applications, and firmware
  • Network segmentation (user VLAN vs. server VLAN vs. IoT/OT)
  • RDP, SMBv1, and other frequently abused protocols disabled

Backup & Recovery

  • Immutable / air-gapped backup copies
  • Backup restore testing frequency (not just “we have backups”)
  • Recovery Time Objective (RTO) and Recovery Point Objective (RPO) documented
  • Backup system segregated from production admin credentials

Email & Phishing

  • DMARC enforcement, SPF + DKIM alignment
  • Email threat detection / anti-phishing platform
  • Security awareness training cadence and click-rate tracking
  • Simulated phishing program with remediation

Incident Response & Governance

  • Written Information Security Plan (WISP) or equivalent
  • Incident-response plan with tabletop exercises in the last 12 months
  • Breach notification procedures by applicable regulation (HIPAA, state law, client contracts)
  • Vendor / third-party risk review process

What you get

Defensible answers and a clean evidence package.

Answer every technical section accurately

We fill in the technical questions in your voice, with current evidence from your environment — not generic “yes” answers that can be denied at claim time.

Identify gaps before the insurer does

The questionnaire is itself a free security audit. We flag any controls your policy will require but you don't yet have, and cost them before renewal so you aren't blindsided.

Documented evidence package

Screenshots, policy excerpts, vendor reports, and configuration attestations — packaged so your broker or underwriter can verify without a back-and-forth.

Better premium quotes

Accurate controls, cleanly documented, consistently produce better quotes than self-completed questionnaires where clients over-state or under-state what's in place.

Defensible position at claim time

The most common reason cyber claims get denied is that answers on the application don't match what was actually deployed. Accurate answers + evidence = your carrier can't walk away.

Annual renewal support

Most cyber policies are annual. We track the delta year-over-year so renewals are faster and your controls evolve alongside the market's expectations.

Who benefits most

Built for compliance-heavy Houston buyers.

Healthcare practices (HIPAA + cyber). Law firms (ethics + cyber). CPA firms (IRS Publication 4557 + WISP + cyber). Industrial and construction firms whose client contracts now require minimum cyber-insurance coverage. Professional-services firms where Fortune 500 clients expect documented controls.

If your insurance renewal is coming up in the next 90 days, or your current carrier just sent a list of new requirements, that’s the right moment to talk.

Common questions

Cyber insurance questionnaire support — FAQ.

Do we have to be an ongoing Mako-managed client to use this?

No. We offer questionnaire support as a standalone engagement for businesses that have their own IT but want a senior engineer reviewing the technical sections before the application goes back to the broker. That said, we get the best outcomes for clients we manage, because the controls they're attesting to are ours to verify directly.

How much does this cost?

Scope-dependent. A typical small/mid-size business questionnaire review and evidence package is a fixed-fee engagement scoped up front — no hourly surprises. If gaps are found, we price the remediation separately; no obligation to use us to close them.

What happens if our current controls don't meet the policy's minimum?

You have three options, and we'll be honest about each: (1) close the gaps before renewal; (2) negotiate a different policy with a carrier that accepts your current posture (sometimes possible, usually with a higher premium); (3) accept the exclusion and plan around it. We help you understand the trade-offs in plain English.

Can you help with a claim that's already in progress?

Yes — we've supported clients through live claims where the technical timeline, log preservation, and control-in-place attestation mattered. Call the emergency line if this is active.

Do you work with a specific broker or carrier?

We work with whichever broker and carrier you choose. We don't take referral fees from either side — our job is to make your answers accurate, not to steer you toward a specific policy.

What's the most common mistake businesses make on these questionnaires?

Answering “yes” to controls that are partially in place but not consistently enforced. Example: “Do you require MFA on remote access?” — if any service account or legacy VPN still allows non-MFA access, the honest answer is no. Over-stating controls at application time is the #1 reason claims get denied later.

Renewal coming up? Let’s get it right.

Twenty-minute conversation. We’ll review the questionnaire and tell you honestly where the gaps are.