Insurance Readiness Assessment

Insurance Readiness Assessment

This assessment will take approximately 20-30 minutes to complete. You may save and continue later. Please complete the fields below and provide as many details as possible. Upon completion of the assessment, you'll receive the following: analysis of your organization's accepted vs. addressed risk, current threat levels, impact on insurance underwriting and claims, insurance requirements for coverage and financial warranties, the estimated cost of a serious incident, cyber liability and/or insurance quotes, and a detailed analysis of your security gaps.
Antigen Security User Responsible
This is our staff member that will receive your assessment for review.
This form uses a 256-bit SSL connection and is PCI, GDPR and CCPA compliant. All submissions are encrypted with RSA 2048 and automatically deleted. A licensed insurance agency will prepare your insurance quote. All quotes are subject to state availability and suitability.
How would you like to complete your assessment?

I'll complete myself online.I'd like to schedule a workshop with an Antigen staff member.
Organization Information

Please tell us a little about your organization. The better we understand your organization the more customization we can provide you in order to maximize security while reducing expenses.
Schedule a meeting with Matt McGonigle below. After scheduling you may close this window.
Organization Full Legal Name*
Organization DBA/Trade Name
Main Contact Full Name*

First NameLast Name
Main Contact Title*
Main Contact Phone #*
Main Contact Email Address*
Organization Shipping Address
Organization Billing Address
Organization Phone Number
Organization Email Address
Organization Website
Organization Background

In order to determine the proper cyber security controls and the potential cost of a breach it is important for us to know to a little more about your organization.
What year was the Organization established?
What is the Organization's Primary Industry(s)?
How many customers/members/users does the Organization have currently?
Total Number of Locations
Total Number of Locations Outside of the United States
Organization's Approximate Annual Revenue

Start Up - $1mm$1mm - $2.0mm$2.0mm - $5.0mm$5.0mm - $10mm$10mm - $25mm$25mm - $50mm$50mm - $100mm$100mm - $500mm$500mm - $1bOver $1b
Organization's Approximate Annual Operations Cost
This information is necessary in order to prepare your organization with an estimate of the cost of a serious incident or breach.
Please use this section to provide us with any other relevant information or general notes related to the Organization:
Organization IT Environment

The following questions are required to understand the current IT Environment of your organization. Please answer each question and provide additional information as needed.
Total Number of Workstations
Total Number of Laptops
Total Number of Servers (Physical)
Total Number of Servers (Virtual)
Total Number of Endpoints
Approximate Number of Users Accessing Networks
Total Number of IT Assets
Do you have an up-to-date IT Asset List?

YesNo
Do you utilize an Asset and Inventory Management System?

YesNo
Which Asset and Inventory Management System are you currently using?
Which other Asset and Inventory Management System are you using?
Please use this section to provide us with any other relevant information or notes related to the IT Environment:
Organization Staff + Asset / Device Management

The following questions are required to understand the risk management in place for both your staff and digital assets + devices in use by your organization. Please answer each question and provide additional information as needed.
Total Number of Full Time Employees*
Total Number of Part Time Employees
Total Number of Outside Vendors and Contractors
*Vendors or Contractors with access to your environment.
Do you have a Vendor Risk Management solution in place?

YesNo
Which of the following Vendor Risk Management solutions are you currently using?
What other Vendor Risk Management solution are you using?
Total Number of Internal IT Staff (All Departments)*
Total Number of Cyber Security Staff*
Does any of your Staff work remotely?

YesNo
Does your IT + Cyber Security Staff work remotely?

YesNo
Where is your IT + Cyber Security Staff located?

Street Address

Street Address Line 2

CityState / Province

Postal / Zip Code
Are your employees subject to ongoing Background Checks?

YesYes. But, only one time at initial hiring.No
Which provider are you using for employee Background Checks?
Are your employees subject to ongoing Identity Screening + Monitoring?

YesYes. But, only one time at initial hiring.No
Which provider are you using for employee Identity Screening + Monitoring?
Do you have a written Employee Policy in place for employees to notify your organization of Identity Breaches?

YesNoUnsure
Please upload a copy of your Employee Identity Breach Notification Policy.

Cancelof
Please tell us if any of the following Corporate Devices are issued to employees?

Cell PhoneDesktop (for remote access)LaptopTabletNONEOther
Are your employees permitted to use their own Personal Devices?

YesNo
Does your organization utilize any of the following Mobile Devices in the course of operations?

Cell PhoneCredit Card ReaderLaptopMobile HotspotTabletNONEOther
Do you have a Mobile Device Management solution implemented for all related devices?

YesNoUnsure
Please tell us which Mobile Device Management solutions you currently have implemented and/or any related details:
Do you have Mobile Protection and Information-Centric Endpoint Protection?

YesNo
Which Mobile Protection and Information Centric Endpoint Protection are you currently using?
Which other Mobile Protection and Information Centric Endpoint Protection are you using?
Please indicate any Digital Assets that your organization owns:

Proprietary SoftwareProprietary Hardware + Related ITDigital Manuscripts / Learning Management SystemsDigital Audio / Video AssetsMetadataCryptocurrency / NFTs / TokensSocial Media AccountsRegulated / Official Security TokensNONEOther
Do you have a Digital Asset Management Program?

YesNoUnsure
Please tell us more about the Digital Asset Management Program that you currently using and/or any related details:
Is your organization using any Web / Cloud Services?

YesNo
Total Number of Virtual Machines
Virtual Machines, such as, but not limited to: Linux and Windows, running on platforms such as AWS EC2, Azure VMs, or Google Compute Engine
Total Number of Container Hosts
Container Hosts, such as, but not limited to: those running Linux or Windows containers, on platforms such as Amazon ECS or EKS, Azure Kubernetes Service, or Google Kubernetes Engine.
Total Number of Serverless Functions
Serverless Functions, such as, but not limited to: AWS Lambda, Azure Functions, or Google Cloud Functions.
Total Number of VM Machine Images
VM Machine Images, such as, but not limited to: Amazon Machine Images (AMIs), Azure machine images, or Google machine images, to be scanned.
Total Number of Container Images in Registry
Container Images in Registry in services such as Amazon Elastic Container Registry (ECR), Azure Container Registry (ACR), Google Cloud Container Registry (GCR), and others to be supported and scanned.
Are you using any Cloud Security Posture Management tools that covers all cloud risks: spanning misconfigurations, vulnerabilities, identity risks, data security, API / PII / crown jewel asset exposure, and advanced threats?

YesNoUnsure
Which of the following Cloud Security Posture Management tools are you currently using?
Which other Cloud Security tool are you using?
Are you using any Cloud Native Endpoint Detection and Response solutions?

YesNo
Which Cloud Native EDR are you currently using?
Which other Cloud Native EDR are you using?
Please tell us more about the Web / Cloud Services that you currently using and/or any related details:
Do you provide Remote Access of any kind to staff or customers / members?

YesNo
Who is your current Remote Access Vendor?
Do you have any Remote Monitoring tools in place for controlling the Configuration and State of systems?

YesNo
Which of the following Configuration Management tools are you currently using?
What other Configuration Management tool are you using?
Cyber Security Questionnaire

The following questions are required to diagnosis the current cyber security environment of your organization. Please answer each question and provide additional information as needed.
Do you have Endpoint Detection & Response (EDR)?*

YesNoUnsure
Which of the following EDR solutions are you currently using?
What other EDR solution are you using?
Do you have Next Generation Anti-Virus on all endpoints?*

YesNoUnsure
Which of the following Next Generation Anti-Virus solutions are you currently using?
What other Next Generation Anti-Virus solution are using?
Do you have Managed Detection & Response (MDR) in place for all sources of active detection?*

YesNoUnsure
Which of the following MDR solutions are you currently using?
What other MDR solution are you using?
Do you have a Vulnerability Assessment and Management solution to discover and assess assets in your environment, including dynamic cloud or remote workforce assets?

YesNo
Which Vulnerability Assessment and Management solution are you currently using?
Which other Vulnerability Assessment and Management solution are you using?
Which of the following Email Providers are you currently using?
Who is your current Email Provider?
Do you have Advanced Email Protection for O365/G-Suite as well as your cloud-based collaboration platforms including: pre and post delivery protection, URL and attachment sandboxing, anti-malware scanning, data loss prevention, and encryption?*

YesNoUnsure
Which of the following Advanced Email Protection solutions are you currently using?
What other Advanced Email Protection solution are you using?
Do you have Multi-factor Authentication (MFA) implemented for all users?*

YesNoUnsure
Do you have Multi-factor Authentication (MFA) implemented for all remote access and 3rd party applications?*

YesNoUnsure
What MFA solution are you currently using?
What other MFA solution are you using?
Do you have Password Identity Management and Administration tools in place?

YesNo
Which Identity Management and Administration tool are you currently using?
Which other Identity Management and Administration tool are you using?
Do you have Access and Rights Management tools in place?

YesNo
Which Access and Rights Management tool are you currently using?
What other Access and Rights Management tool are you using?
Do you have Application Safelisting (whitelisting / blacklisting) enabled for all workstations and servers?*

YesNoUnsure
Do you have Zero Trust Segmentation implemented for all endpoints?*

YesNoUnsure
Which Zero Trust Segmentation solution to you currently have implemented?
What other Zero Trust Segmentation solution are you currently using?
Do you use a Zero Trust Network Access Solution to control remote access?*

YesNoUnsure
Which of the following Zero Trust Network Access Solutions do you currently use?
What other Zero Trust Network Access Solution are you using?
Do you have Privileged Access Management (PAM) implemented for all privileged accounts?*

YesNoUnsure
Which Privileged Access Management (PAM) solution are you currently using?
What other Privileged Access Management solution are you using?
Do you currently have Segregation of Duties + Business Controls in place for all outgoing payments / funds transfers?*

YesNoUnsure
Do you have Single Sign On (SSO) enabled and configured for all 3rd party applications?*

YesNoUnsure
Do you have At-Rest Encryption enabled for all endpoints and devices?*

YesNoUnsure
Do you have a formal Patch Management Program in place which is informed by critical security and vulnerability data within 30 days?*

YesNoUnsure
Do you have an Immutable Backup Strategy (REQUIRES: 3+ backup sources covering all systems / data and 1+ offline / inaccessible from the network where the systems/data reside)?*

YesYes, we have a Backup Strategy. But, it does NOT meet these requirements.NoUnsure
Which Immutable Backup Strategy are you currently using?
Which other Immutable Backup Strategy are you using?
Do you have a Log Resilience/Centralization Platform (such as a SIEM)?*

YesNoUnsure
Which of the following SIEMs are you currently using?
What other SIEM are you using?
Do you have Next Generation Firewalls at all locations (REQUIRES: inbound / outbound proxy, threat detection, DoS protection, etc)?*

YesYes, we have Firewalls. But, they are NOT Next Generation.NoUnsure
Please use this section to provide us with any other relevant information or notes related to your current Cyber Security Controls + Environment:
Technologies + Development

The following questions are related to specific technology needs and development. Please answer each question and provide additional information as needed.
Do you have Operational Technologies?

YesNo
Do you have Operational Technology Detection and Response solutions?

YesNo
Which of the following Operational Technology Detection and Response solutions are you currently using?
What other Operational Technology Detection and Response solution are you using?
Do you develop Applications or Custom Code for yourself or customers?

YesNo
Do you have Application and Code Security solution in place?

YesNo
Which of the following Application and Code Security solutions are you currently using?
What other Application and Code Security solution are you using?
Do you develop Web Applications or APIs, or utilize APIs for any of your own Web Applications?

YesNo
Do you have Web Application and API Security solutions in place?

YesNo
Which of the following Web Application and API Security solutions are you currently using?
What other Web Application and API Security solution are you using?
Do you host your own Custom Email or any similar Custom Applications?

YesNo
Do you have a DDoS Attack Mitigation solution in place?

YesNo
Which of the following DDoS Attack Mitigation solutions are you currently using?
Which other DDoS Attack Mitigation solution are you using?
Cyber Security Program

The following questions are required in order to better understand your written policies + procedures and response plans. Please answer each question and provide additional information as needed.
Do you have a Written Cyber Security Program in place which aligns with regulatory requirements and/or industry standards (NIST, CIS, etc)?*

YesNoUnsure
Please upload a copy of your current Cyber Security Program.

Cancelof
Is your organization (OR any of your customers) subject to additional regulatory requirements by any of the following regulated industries?

Financial ServicesGovernmentHealthcareInsuranceSecurityOther
Do you have an Incident Response Plan in place currently?

YesNoUnsure
Is your Incident Response Plan approved by your insurance carrier?

YesNoUnsure
Do you have a dedicated Computer Security Incident Response Team (CSIRT)?

Yes (internal)Yes (external)No
Who is your external Computer Security Incident Response Team?
Is your Computer Security Incident Response Team (CSIRT) approved by and aligned with your insurance carrier?

YesNoUnsure
How often are you conducting Tabletop Exercises?
Please tell us more about your current Incident Response Plan:
Please use this section to provide us with any other relevant information or notes related to your current Cyber Security Program and planning:
Cyber Liability Insurance

The following questions are required to establish and understanding of your current cyber insurance in force (or desired coverage). Please provide as many details as known related to the coverage.
Does your organization currently have Cyber Liability Insurance?

YesNoUnsure
Who is your current Insurance Carrier?
What type of insurance policy is in force?
Is the insurance policy part of a Group/Membership Plan or your own coverage?

Our Organization's Own Insurance PolicyPart of a Membership Plan PolicyPart of a Group PolicyUnsure
What is the existing coverage limit Per Incident?
What is the existing coverage limit Policy Maximum?
When is the Renewal Date for this policy?

MonthDayYear
Date
Have you received an Offer for Renewal?

YesNoUnsure
Please list the dates and provide details (ransomware, business email compromise, data loss, etc) of any incidents or cyber insurance claims which occurred in the last 5 years:
Is Cyber Liability Insurance desired?

YesNo
What is the amount of cover desired/required?
When would you like coverage to begin?

MonthDayYear
Date
Please indicate if you would like recommendations for any additional coverage:

Comprehensive Commercial Liability InsuranceTech E+O InsuranceDevice + Hardware InsuranceDirectors + Officers InsuranceWorkers' Compensation InsuranceDigital Asset InsuranceSocial Media Account InsuranceIdentity Theft
Please use this section to provide us with any other relevant information or notes related to your current Cyber Insurance or desired / required coverage:
Submitter Name*

First NameLast Name
Submitter Email*
example@example.com
Date Submitted*

MonthDayYear
Date
Hour MinutesAM/PM Option
Should be Empty:

Insurance Readiness Assessment

Organization Information

Organization Background

Organization IT Environment

Organization Staff + Asset / Device Management

Cyber Security Questionnaire

Technologies + Development

Cyber Security Program

Cyber Liability Insurance