Cyber Insurance Renewal Readiness
Carriers ask for proof of security awareness training and phishing simulation programs on every renewal. Generate the evidence package your broker needs in 90 days, mapped to the carrier supplemental application.
Renewal Season Is Where Training Gaps Cost Real Money
Cyber insurance carriers shifted from soft-touch questionnaires to hard control gates around 2022. Marsh, Aon, and the major carriers all now publish supplemental applications that ask for specific evidence on MFA, EDR, backup, and security awareness training. A weak answer on training raises the premium, narrows coverage, or denies renewal entirely.
The supplemental forms from Travelers, Chubb, Coalition, At-Bay, Beazley, and AXA XL all ask three security awareness questions: what training program runs, who completes it, and what the phishing simulation click-through rate looks like. Most organizations cannot answer the third question with data. That is the gap brokers consistently surface.
RansomLeak runs a 90-day program that delivers what the carrier supplemental needs: workforce-wide training, phishing simulation with measured click-through rate, and a single PDF evidence package the broker can attach to the renewal submission. Customers report premium retention improvements and shorter underwriter back-and-forth.
How It Works
Review the carrier supplemental application
Pull the security awareness section from the current supplemental form. Most carriers ask the same three questions, but the wording and evidence format vary. RansomLeak provides a side-by-side mapping for the top six carrier applications.
Identify the training and simulation gap
Most organizations have some training in place but lack measured phishing simulation data. The intake call surfaces what gets asked, what evidence already exists, and what needs to ship in the next 90 days.
Run the 90-day baseline curriculum
Default curriculum: phishing detection, ransomware response, BEC, MFA hygiene, social engineering, and password manager habits. The workforce completes it inside the 90-day window, with a weekly reminder cadence.
Run the phishing simulation alongside training
A standard simulation runs three test waves over the 90 days, with rotating lures and difficulty bands. Click-through rate, report rate, and time-to-report are all tracked per employee. The data feeds the supplemental directly.
Generate the broker-ready evidence package
A single PDF compiles training completion records, simulation results, control-mapping to the carrier supplemental, and a one-page executive summary. Hand it to the broker for the renewal submission; no further reformatting is needed.
What You Get
Per-employee training completion record
Dated PDF and CSV showing which exercises each employee finished, when, and at what score. Required by every major carrier supplemental application.
Phishing simulation rate trend
Click-through rate, report rate, and time-to-report measured across three test waves over 90 days. Customers typically see click-through drop from 20-30% baseline to under 5% by the third wave.
Audit-ready evidence package matching the supplemental
A single PDF mapping every training and simulation artifact to the specific question on the carrier supplemental. Pre-mapped for Travelers, Chubb, Coalition, At-Bay, Beazley, AXA XL, and Marsh broker submissions.
Broker-shareable executive summary
A one-page summary the broker can attach to the renewal submission. Includes program scope, participation rate, simulation trend, and the named exercises completed.
Year-over-year trend report for renewal
Once the program runs annually, you get a year-over-year trend report showing simulation rate improvement and training completion stability. Underwriters reward the trend, not just the snapshot.
Featured Exercises for Renewal Readiness
The exercise sequence we recommend for this use case, pulled from the 100+ catalogue.
Phishing Email Detection
Every carrier supplemental asks about phishing training. The exercise builds the detection habit that the simulation then measures.
Ransomware First-Hour Response
Ransomware is the named threat in most cyber policy claims data. Carriers want evidence the workforce knows the containment and reporting playbook.
Business Email Compromise
BEC is the second-largest claim category after ransomware. Travelers and Chubb both ask specifically about BEC training in finance roles.
MFA Setup Best Practices
MFA enrollment and bypass attempts both appear on carrier supplementals. The exercise covers correct setup and how to recognize MFA fatigue prompts.
Social Engineering Defense
Help-desk impersonation drove the largest claims of 2023 and 2024. Carriers now look at help-desk verification training in particular.
Password Manager Habits
Password reuse remains a top-three claim root cause. Coverage of password manager adoption and credential hygiene maps directly to underwriter expectations.
Threats this use case covers
Read the pillar guide for each attack type and the exercises that train against it.
Frequently Asked Questions
Which cyber insurance carriers does the evidence package cover?
How long does the readiness program take?
What phishing simulation click-through rate satisfies underwriters?
Can we use this for the first-time application, not just renewal?
Does the evidence package work with our broker portal?
Will this lower our premium?
Can we add the program mid-policy term?
References
Primary sources cited above.
- Global Insurance Market Index — Marsh McLennan
- Cyber Insurance Market Insights — Aon
- Cyber Insurance: Insurers and Policyholders Face Challenges in an Evolving Market (GAO-21-477) — U.S. Government Accountability Office
- NIST SP 800-30 Rev. 1: Guide for Conducting Risk Assessments — NIST
- Cyber Insurance Market Guidance and Bulletins — Lloyd's of London
- Cyber Claims Report — Coalition
- Report on the Federal Insurance Office — U.S. Department of the Treasury, Federal Insurance Office
See RansomLeak in Action
Try the free exercises or book a demo to see analytics, SCORM export, SSO, and custom content in your environment.