Cyber Insurance
Workflows

CYBER POSTURE ASSESSMENT — SUBMISSION #CYB-2026-1247 ════════════════════════════════════════════════════════ Applicant: medicalrecordspro.com Requested: $5M Cyber Liability | Industry: Healthcare SaaS SECURITY POSTURE ANALYSIS: /security: Dedicated trust center — SOC2 Type II, HITRUST /compliance: HIPAA BAA available, annual pen testing /about: 120 employees, 2,400 healthcare clients /careers: Hiring CISO, 3 security engineers /docs: API security documentation, encryption standards CYBER RISK SCORE: 78/100 (GOOD) Security culture: Strong — dedicated /security page Compliance maturity: SOC2 + HITRUST — above average Growth risk: Rapid client growth may outpace security Data sensitivity: PHI exposure — high-value target RECOMMENDATION: Bind at standard rate, $5M limit approved Credit: 10% for demonstrated security program

CONTRAST — SUBMISSION #CYB-2026-1248 ════════════════════════════════════════════════════════ Applicant: cheapcloudhosting.io Requested: $5M Cyber Liability | Industry: Cloud Hosting /security: Not present /compliance: Not present /about: "Fast, affordable cloud hosting since 2024" /careers: No security roles posted Domain Age: 287 days | PageRank: 1.1 CYBER RISK SCORE: 18/100 (POOR) No evidence of security program New company, no track record Hosting sensitive client data without certifications RECOMMENDATION: Decline or sublimit to $1M with 40% surcharge Require evidence of security controls before binding

BREACH PROBABILITY MODEL — 3,200 CYBER POLICIES ════════════════════════════════════════════════════════ PREDICTIVE WEB SIGNALS FOR BREACH PROBABILITY: 1. /security page absence Breach rate without: 14.2% | With: 3.8% Lift: 3.7x more likely to suffer breach without /security page 2. Security hiring activity (/careers) Active CISO/security hiring: 2.1% breach rate No security roles ever posted: 11.4% breach rate 3. Compliance page presence /compliance present: 4.2% breach rate Absent: 9.8% breach rate 4. Domain age (operational maturity) Age >10yr: 3.4% | Age <2yr: 16.7% MODEL PERFORMANCE: AUC-ROC: 0.84 (excellent discrimination) Top decile captures 67% of all breaches Enables risk-based pricing with 3.2x better accuracy

CYBER THREAT LANDSCAPE — FEBRUARY 2026 ════════════════════════════════════════════════════════ ACTIVE THREATS IMPACTING PORTFOLIO: crowdstrike.com /blog: New ransomware variant "NightShade" Targeting: Healthcare + financial services Attack vector: Exploiting unpatched Exchange servers Portfolio impact: 340 insureds in affected verticals mandiant.com /press: Supply chain attack on popular SaaS tool Affected vendor: Project management platform (2.4M users) Portfolio impact: 89 insureds use this platform ACTION: Issue policyholder advisory, assess aggregate exposure THREAT TREND SUMMARY: Ransomware frequency: +23% QoQ Average ransom demand: $4.2M (up from $2.8M) Business email compromise: +15% QoQ Supply chain attacks: +47% YoY — emerging systemic risk

PRE-BIND SECURITY SCAN — 14 SUBMISSIONS ════════════════════════════════════════════════════════ CLEARED — 10 submissions Security page present, modern tech indicators, no red flags BLOCKED — 2 submissions (do not bind) legacypayments.com /login: No MFA indicators, HTTP-only login /api: No API security documentation /security: Not present Processes payments without basic security hygiene CONDITIONAL — 2 submissions (bind with conditions) retailchainops.com /security: Present but outdated (references 2022 audit) /compliance: PCI-DSS mentioned but no current certification CONDITION: Provide current PCI-DSS cert before binding

RANSOMWARE EXPOSURE — CYBER PORTFOLIO (1,200 POLICIES) ════════════════════════════════════════════════════════ HIGH EXPOSURE (12% of portfolio — 144 accounts) Profile: Healthcare/finance, no /security page, limited IT staff Avg ransomware probability: 8.4% annually Aggregate exposure: $720M in limits Example: countyhealthclinic.org — no security page, old tech MODERATE EXPOSURE (38% — 456 accounts) Profile: Mixed industries, basic security, some compliance Avg ransomware probability: 3.2% annually Aggregate exposure: $1.8B in limits LOW EXPOSURE (50% — 600 accounts) Profile: Strong security pages, modern tech, compliance certs Avg ransomware probability: 0.8% annually Aggregate exposure: $2.4B in limits PORTFOLIO ACTION: Non-renew 12 highest-risk accounts ($89M in limits removed) Require security improvements for 47 moderate-risk accounts Projected loss ratio improvement: 8 points

VENDOR DEPENDENCY ANALYSIS — SYSTEMIC CYBER RISK ════════════════════════════════════════════════════════ CRITICAL CONCENTRATION RISK: microsoftazure.com — 487 insureds dependent (41%) If Azure outage: $2.4B aggregate BI exposure Recent changes: /press showed 2 major outages in Q4 ACTION: Model Azure-specific CAT scenario salesforce.com — 234 insureds dependent (20%) If Salesforce breach: $890M aggregate exposure VENDOR HEALTH MONITORING: Vendors tracked: 847 (from /partners pages of insureds) Health alerts this month: Small SaaS vendor showed /security page removal Impact: 23 insureds use this vendor ACTION: Notify policyholders, assess downstream risk

SILENT CYBER SCAN — PROPERTY & GL PORTFOLIO ════════════════════════════════════════════════════════ HIGH SILENT CYBER EXPOSURE (234 non-cyber policies): smartfactoryautomation.com — Property policy only /products: IoT-connected manufacturing, SCADA systems /api: Industrial control API — cyber attack could cause physical damage Silent cyber: $12M property exposure from cyber event connectedhealthdevices.com — Products liability only /products: Internet-connected medical devices /api: Patient data API, device firmware updates Silent cyber: $8M PL exposure from device hacking PORTFOLIO SUMMARY: Non-cyber policies with digital exposure: 234 (4.2%) Estimated silent cyber aggregate: $1.2B ACTION: Add cyber exclusions or affirmative coverage

CYBER CLAIMS ANALYSIS — 2025-2026 (487 CLAIMS) ════════════════════════════════════════════════════════ CLAIMS BY TYPE vs. WEB PROFILE: Ransomware (42% of claims): Victims without /security page: 78% Avg domain age of victims: 4.2 years (vs. 8.1 avg) Top IAB: Healthcare (28%), Manufacturing (19%), Education (14%) BEC/Wire Fraud (23% of claims): Victims without /compliance page: 82% Avg PageRank of victims: 2.1 (vs. 4.3 avg) Most affected: Small businesses (PR <3) Data Breach (21% of claims): Victims with /api page but no /security: 71% Tech companies: Disproportionately affected API exposure without security = highest breach risk PRICING IMPLICATION: Insureds with /security + /compliance: 65% fewer claims Justify 15% premium credit for proven security programs

CYBER PRICING INTELLIGENCE — FEBRUARY 2026 ════════════════════════════════════════════════════════ COMPETITOR RATE MOVEMENTS: coalitioninc.com /pricing: Increased SMB rates 12% corvus.com /products: Added mandatory MFA requirement at-bay.com /press: "Maintaining flat rates for best risks" beazley.com /blog: "Cyber market stabilizing after 3 years" MARKET RATE TRENDS: SMB (<$50M revenue): +5-8% average increase Mid-market ($50-500M): Flat to +3% Enterprise (>$500M): -2% to flat (competitive) OUR POSITIONING: SMB: Competitive — our rates in line with market Mid-market: Slightly above market — risk losing renewals Enterprise: Well-positioned with security posture credits