Cyber Insurance Questionnaire: What MFA & EDR Requirements Really Mean

Cyber insurance underwriting has changed dramatically. Carriers now require detailed evidence that you've implemented specific technical controls before they'll bind a policy — and they'll deny claims if your answers don't match reality. Here's a plain-language breakdown of the most common requirements.

Multi-Factor Authentication (MFA)

MFA is no longer optional. Carriers require it on email, remote access (VPN, RDP), all admin accounts, and increasingly on every business-critical SaaS application. Saying "yes" to MFA on the questionnaire when it's not actually deployed is the fastest way to have a claim denied.

Endpoint Detection & Response (EDR)

Legacy antivirus is no longer enough. Carriers expect modern EDR or managed XDR with active monitoring and response capabilities. Defender for Endpoint, SentinelOne, CrowdStrike, and similar platforms qualify; consumer antivirus does not.

Immutable, Tested Backups

The questionnaire will ask about backup frequency, offsite storage, immutability, and — critically — when you last successfully restored from backup. "We have backups" is not an answer. Document the test.

Security Awareness Training

Carriers want documented, ongoing training and phishing simulations — not a one-time annual video. A documented cadence (quarterly campaigns, monthly micro-trainings) satisfies the requirement.

Written Information Security Plan

A documented WISP demonstrates a mature program and shortens questionnaire response time. Many carriers explicitly ask whether you have a WISP and request a copy.

Incident Response Plan

You need a written plan with notification timelines, escalation paths, and a tested communication tree. Carriers want to know you can act in the first 24 hours.

What Wolf Tech Does

We map your environment to your specific carrier's questionnaire, identify gaps, and prioritize the controls that get you to "yes" on the highest-weighted questions. Learn more or schedule a readiness review.