Somewhere in your files is a cyber insurance application, signed by an officer of your firm, making specific factual representations about your controls: MFA on email and remote access, EDR deployed, backups tested, payment instructions verified out-of-band, training conducted. The premium was priced on those answers. The claim, when it comes, will be adjusted against them — and the gap between what the application says and what your environment does is, functionally, an unfunded retention you don’t know you’re carrying.