Overview
Cyber Insurance Review is the annual evaluation of an organization’s cyber insurance coverage to confirm it adequately mitigates cybersecurity and data breach risks. This process ensures coverage limits, exclusions, and policy terms align with the organization’s risk profile and SOC 2 CC9.2 requirements.
Step-by-Step Process
Collect current insurance policy
The Finance Manager obtains the most current cyber insurance policy documents, including declarations, endorsements, and exclusions. The output is a complete, dated copy of the active policy for review.
Role: Finance Manager
Review coverage scope and limits
The Finance Manager reviews policy sections related to data breaches, ransomware, business interruption, and incident response costs. The output is a documented assessment of whether coverage limits and scope align with current risk exposure.
Role: Finance Manager
Assess exclusions and conditions
The Finance Manager identifies key exclusions, conditions, and coverage prerequisites that could limit claims. The output is a list of notable gaps or conditions requiring management awareness or remediation.
Role: Finance Manager
Confirm policy alignment with risk assessment
The Finance Manager compares insurance coverage against the latest enterprise or cybersecurity risk assessment. The output is a short written confirmation noting alignment or identifying gaps requiring follow-up.
Role: Finance Manager
Document review and approvals
The Finance Manager documents the review date, findings, and approval in a tracking record or memo. The output is a dated record demonstrating annual review and management sign-off.
Role: Finance Manager
Initiate renewal or changes if needed
If gaps are identified, the Finance Manager contacts the broker to request quotes, endorsements, or policy changes. The output is documented correspondence or renewal confirmation.
Role: Finance Manager
What You Need Before Starting
- Current cyber insurance policy documents (PDF or portal access)
- Access to insurance broker portal or broker contact details
- Latest cybersecurity or enterprise risk assessment
- Prior year insurance review or renewal records
Evidence Your Auditor Expects
- Dated copy of active cyber insurance policy showing coverage period
- Annual insurance review memo or checklist signed and dated by Finance Manager
- Screenshot from broker portal showing policy details and effective dates (timestamp visible)
- Email correspondence with broker regarding review, renewal, or coverage changes (with dates)
How This Looks In Your Tools
Broker portal
Log in to the broker portal using provided credentials. Navigate to Policies > Active Policies and select the current cyber insurance policy to view declarations, coverage limits, and effective dates.
Open the Documents or Policy Files section and download the full policy PDF, including endorsements and exclusions. Review sections labeled Coverage, Exclusions, and Conditions, and note any gaps directly in an internal review memo.
If changes are required, go to Requests or Contact Broker within the portal and submit a coverage inquiry or renewal request. Save confirmation emails or portal messages showing the request date and broker response.
Spreadsheet
Open the insurance review spreadsheet and navigate to the tab labeled Annual Insurance Review. Enter the policy number, insurer name, and coverage period in the designated fields.
Complete columns for coverage types (e.g., breach response, ransomware, business interruption), limits, and exclusions based on the policy documents. Add comments noting alignment or gaps compared to the risk assessment.
Record the review completion date and Finance Manager approval in the Sign-off section. Save the file with a date-stamped filename and store it in the designated compliance or finance folder.
Common Audit Findings
- No evidence of annual review
  - This occurs when policies are renewed without documented evaluation. Prevent this by completing a dated review memo or spreadsheet annually and retaining it with compliance records.
- Expired or insufficient coverage
  - Coverage may lapse or fail to scale with company growth if not actively monitored. Prevent this by verifying effective dates and limits during the annual review and before renewal.
- Key exclusions not identified
  - Organizations often overlook exclusions buried in policy language. Prevent this by explicitly reviewing and documenting exclusions as a required review step.
- No linkage to risk assessment
  - Auditors may find insurance coverage disconnected from actual risk exposure. Prevent this by referencing the latest risk assessment in the review documentation.