What underwriters are really asking when they ask about backups

Understand what cyber underwriters really ask about backups. Learn the 5 operational factors they assess and what evidence to prepare.

Overview

When underwriters ask 'Do you have backups?', they are not asking whether backup files exist. They are assessing five operational factors:

  • Backup frequency: daily minimum for critical data, to limit recovery point objective.
  • Backup isolation: offline or air-gapped copies that ransomware cannot reach.
  • Retention depth: old versions of data, not just current versions.
  • Immutability: backups cannot be encrypted or deleted even if credentials are compromised.
  • Restore testing: proven ability to recover critical systems within acceptable timeframes.

Underwriters focus on isolation and immutability because ransomware targeting backups eliminates your recovery option: if backups remain network-connected, ransomware traversing the network can encrypt them too. Underwriting checklists now explicitly cite backups (alongside MFA and EDR) as a refusal criterion in hard markets.

Brokers should prepare evidence documenting backup frequency cadence, air-gap/offline confirmation, retention period and versioning strategy, immutability control screenshots, and recent successful restore tests.

Key Facts

  • Underwriter focus: isolation (air-gapped) and immutability (cannot be encrypted/deleted) are critical.
    Source: BindLedger Research
  • Network-connected backups: ransomware can encrypt them, eliminating recovery option.
    Source: BindLedger Research
  • Required evidence: frequency, isolation method, retention period, immutability control screenshots, restore test results.
    Source: BindLedger Research
  • Cost of breach without backups: averages 40-55% higher than with backups.
    Source: BindLedger Research

How it Works Today

Current Manual Process

The client is asked 'Do you have backups?' on the cyber application. The broker receives a 'yes' from IT and checks the box. The underwriter later discovers that the backups are network-connected, retained for only 7 days, or lack immutability controls, and then requests clarification or issues a contingency.

Friction Points

  • Backup questionnaire language is too vague.
  • Brokers and IT teams don't understand what aspects underwriters actually care about.
  • There is no standardized backup evidence format.
  • There is no visibility into whether backup posture meets underwriting requirements until after submission.

Ideal Output

Structured backup attestation showing: backup frequency and systems covered, isolation method (offline/air-gapped/S3 Object Lock), retention period and versioning, immutability controls enabled, and date/results of last restore test. API integration to query backup tools directly.
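
A sketch of what such a structured attestation could look like, with a check against the five factors. This is an added example, not BindLedger code: the schema, field names and the retention and restore-test thresholds are assumptions (the page itself gives only the daily minimum for frequency and cites 7-day retention as a finding).

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Assumed thresholds; only the daily-frequency minimum comes from the page.
MAX_BACKUP_INTERVAL_HOURS = 24
MIN_RETENTION_DAYS = 30           # assumption, set per carrier guidance
MAX_RESTORE_TEST_AGE_DAYS = 365   # assumption
ISOLATED_METHODS = {"offline", "air-gapped", "s3-object-lock"}


@dataclass
class BackupAttestation:  # hypothetical schema, one record per protected system
    system: str
    interval_hours: int
    isolation_method: str          # e.g. "offline", "network-share"
    retention_days: int
    versioning: bool
    immutable: bool
    last_restore_test: Optional[date]
    restore_test_passed: bool


def find_gaps(a: BackupAttestation, today: date) -> List[str]:
    """Return the factors on which this record does not support a plain 'yes'."""
    gaps = []
    if a.interval_hours > MAX_BACKUP_INTERVAL_HOURS:
        gaps.append("frequency")
    if a.isolation_method.lower() not in ISOLATED_METHODS:
        gaps.append("isolation")
    if a.retention_days < MIN_RETENTION_DAYS or not a.versioning:
        gaps.append("retention")
    if not a.immutable:
        gaps.append("immutability")
    stale = (a.last_restore_test is None or
             (today - a.last_restore_test).days > MAX_RESTORE_TEST_AGE_DAYS)
    if stale or not a.restore_test_passed:
        gaps.append("restore_testing")
    return gaps


# Constructed sample: the checkbox "yes" from the manual process above.
SAMPLE = BackupAttestation("file-server-01", 24, "network-share", 7,
                           True, False, None, False)

if __name__ == "__main__":
    print(find_gaps(SAMPLE, date(2025, 1, 15)))
```

Run per system before submission, the returned list tells the broker which evidence items are still missing or would draw an underwriter query.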

Sources

Underwriters care about backup frequency, isolation, retention, and restore testing — not just the presence of backups.

Backup isolation and immutability are critical because ransomware can encrypt network-connected backups.

The cost of a data breach without backups is 55% higher than with backups, explaining underwriter prioritization of this control.