CARRIER GUIDE

What CNA CyberPrep Means for Renewal

How CNA CyberPrep services strengthen your renewal position, including the Identify-Mitigate-Respond model, vendor partners like Cofense and WatchGuard, and how to turn CyberPrep work into renewal evidence.

CNA CyberPrep is one of the most underutilized assets in cyber renewal conversations—not because it's hidden, but because many brokers see it as just another vendor marketplace rather than a deliberate preparation engine for stronger renewals.[1]

Here's the distinction that matters: CNA CyberPrep is not the policy itself. It's the framework that helps your clients prove they're actively improving their security posture between renewals.

When your client shows up at renewal with documented evidence that they completed a CyberPrep risk assessment, deployed CyberPrep-recommended endpoint controls, ran tabletop exercises, and developed stronger incident response procedures, that's not just "nice to have." That's material evidence of risk reduction. CNA will price it accordingly.

This guide walks you through what CyberPrep actually does, how to position it operationally, and most importantly, how to convert CyberPrep activities into renewal-ready evidence.

What CNA CyberPrep Actually Is

CNA describes CyberPrep as a proactive program of cyber risk services developed by CNA Risk Control and CNA cyber underwriters in partnership with leading cybersecurity specialists.[2] The program is designed to help policyholders identify, mitigate, and respond to cyber threats.

CyberPrep is available to all CNA cyber policyholders and provides a network of top cybersecurity professionals and services—some offered at preferred pricing, some included as value-added components with the coverage.

The critical insight: CyberPrep exists alongside CNA cyber coverage, not as a substitute. It's the operational work that makes renewal conversations demonstrably better than initial quotes.

The Three-Part CyberPrep Model: Identify, Mitigate, Respond

CNA's public positioning organizes CyberPrep around three operational stages. Understanding this structure is essential because it mirrors how you should think about cyber renewal files.

Stage 1: Identify—Understanding Current Posture

The Identify phase is about establishing a baseline. What are your client's actual cyber strengths and weaknesses?

What's Included:

  • External vulnerability assessments (identifying internet-facing weaknesses)
  • Penetration testing (simulating attacker behavior to find exploitable paths)
  • Risk assessments (comprehensive evaluation of cyber risk exposure)
  • Identity security self-assessment workbook (helping organizations assess identity-related risks and remediation steps)[3]
  • eRiskHub portal access (internet-based tools with assessment utilities, prevention guidance, and incident roadmaps)

For brokers: This is where your renewal file starts. If your client hasn't had a recent external vulnerability assessment or risk evaluation, the Identify phase is the logical first step. It gives you current, documented evidence instead of relying on old assessments or client speculation.

Many clients assume they know their vulnerability posture because they "feel secure." CyberPrep's Identify services quantify that feeling and often surface gaps the client didn't realize existed.

Stage 2: Mitigate—Closing the Gaps

Once you know where the gaps are, the Mitigate phase is about taking action.

What's Included: CNA CyberPrep vendors provide preferred-pricing and value-added services for:

  • Next-generation endpoint protection (EDR, advanced antivirus): CNA partners like WatchGuard provide endpoint detection and response tools[3]
  • Multi-factor authentication deployment: WatchGuard is also a preferred MFA provider[3]
  • Incident response planning and testing: Structured tabletop exercises and response plan development
  • Policy and procedure development and testing: Documentation of security policies, incident response procedures, and regulatory compliance processes
  • Password management and credential vaults: Secure credential storage and management tools
  • Employee security awareness and phishing training: Cofense is a named CyberPrep partner for security awareness training[3]
  • Ransomware preparedness services: MoxFive specializes in ransomware readiness assessments[3]

For brokers: This is where your client demonstrates action between quote and renewal. Instead of showing up at renewal with the same controls as initial submission, your client can document that they deployed MFA, launched a phishing awareness program, updated their incident response plan, and completed ransomware preparedness work.

The power here is narrative. You're not just claiming your client is "better." You're documenting the specific mitigation steps they took with a CNA-affiliated vendor.

Stage 3: Respond—Preparing for When Incidents Happen

The Respond phase is about having the right partners and procedures in place if a cyber incident actually occurs.

What's Included:

  • Breach and privacy counsel (on-demand legal guidance post-incident)
  • Forensic investigation and remediation firms (rapid incident investigation and system recovery)
  • Notification vendors (managing customer and regulatory notifications)
  • Credit monitoring services (provided to affected individuals)
  • Public relations firms (managing reputational impact)
  • eRiskHub portal with incident roadmaps and response recommendations

For brokers: The Respond phase is less about renewal evidence and more about ensuring your client has the operational support network in place. During initial underwriting, you want to confirm your client has thought about incident response (do they have a plan? Contact list? External counsel?). By renewal, this should be even more mature—they may have actually exercised their response plan in a CyberPrep tabletop.

CyberPrep is Rooted in Recognized Frameworks

One of the strongest parts of CNA's CyberPrep positioning is that the program is modeled on industry-leading cybersecurity frameworks, including the NIST Cybersecurity Framework.[4] This matters because it means CyberPrep isn't just a collection of tools—it's a standards-based approach to cyber risk.

The NIST framework includes five core functions:

  1. Identify: Develop organizational understanding of cyber risk
  2. Protect: Implement safeguards to enable service delivery
  3. Detect: Develop capability to identify cyber incidents
  4. Respond: Take action to respond to detected incidents
  5. Recover: Restore normal operations post-incident

CyberPrep's three-part model (Identify, Mitigate/Protect, Respond/Recover) maps directly to NIST. This means your client isn't learning CNA's proprietary system—they're building competency in a recognized, portable framework.

For renewal conversations: When you explain CyberPrep to your client, you can position it as "structured improvement aligned with NIST" rather than "vendor services." That resonates differently than a list of tools.

A Critical Clarification: Reports Are Not Automatic Renewal Evidence

This is the distinction many brokers misunderstand, and it's important to get right.

CNA publicly states: Reports and recommendations from CyberPrep vendors, other than services provided by CNA Risk Control, will not be shared with CNA unless the insured and broker choose to do so.[2]

This is actually good news operationally, but it requires broker judgment.

It means:

  • Your client can do a CyberPrep vulnerability assessment without CNA automatically seeing it
  • Your client can run tabletop exercises and identify gaps without that feeding back into CNA underwriting
  • Your client and broker control what gets packaged into the renewal submission

What this means for your workflow: CyberPrep helps your client improve, but it doesn't automatically become renewal evidence. You still have to decide what's worth submitting. This is powerful because:

  1. Your client can work through vulnerabilities in a safe space
  2. You can organize the evidence strategically (showing the completed work, the remediation timeline, the improvements made)
  3. You avoid the dynamic where every assessment or vulnerability automatically becomes an underwriting issue

For brokers: This is where BindLedger and CyberPrep are complementary. CyberPrep helps organizations identify and reduce cyber risk operationally. BindLedger helps you organize what CNA can already see from the outside, collect the evidence they need, and package it strategically for renewal conversations.[5]

Practical CyberPrep Services and Vendors

CNA's public materials name specific vendors within the CyberPrep network. Knowing these names helps you position CyberPrep concretely to clients.

For Awareness and Training:

  • Cofense: Security awareness training, phishing simulation, and employee education programs[3]

For Endpoint and Access Control:

  • WatchGuard: Next-generation firewall, multi-factor authentication, endpoint detection and response[3]

For Ransomware Readiness:

  • MoxFive: Ransomware preparedness assessments and readiness services[3]

Other CyberPrep Network Services (not all named publicly):

  • Vulnerability assessment vendors
  • Penetration testing firms
  • Incident response planning facilitators
  • Credential management vendors
  • Forensics and investigation firms
  • Breach counsel networks

eRiskHub Portal: CNA provides access to the eRiskHub portal, an internet-based resource with:

  • Assessment tools and utilities
  • Cybersecurity news and threat intelligence
  • Prevention and mitigation tips
  • Incident roadmaps (step-by-step response guides)
  • Response recommendations for common incident types

This portal is available to all CNA cyber policyholders and is useful both for operationally improving your client and for client education.

The Practical Workflow: From CyberPrep to Renewal Evidence

The best way to think about CyberPrep at renewal is that it creates renewal-grade evidence without automatically becoming renewal evidence.

A vulnerability assessment, penetration test, tabletop exercise, MFA deployment project, ransomware preparedness engagement, or phishing-training rollout can all make a renewal file stronger. But unless the broker and insured deliberately package the outputs, the work remains operational improvement rather than submission-ready proof.

Here's a practical workflow:

Step 1: Run the Outside-In Readiness Check First

Before engaging CyberPrep services, use BindLedger's free readiness check to assess your client's external cyber posture. This gives you a baseline: domains, email authentication, DNS configuration, public-facing services, and known vulnerabilities. This scan takes 15 minutes and tells you whether your client has basic internet hygiene in place.

Step 2: Use CyberPrep to Address Gaps

Use CyberPrep resources—especially the Identify services—to address the gaps that are hardest to defend or most relevant to the CNA renewal conversation. For example:

  • If your client lacks MFA, use CyberPrep to deploy WatchGuard MFA and document the rollout
  • If your client has never tested incident response, use CyberPrep tabletops to build that capability
  • If your client's external vulnerability posture is unclear, use CyberPrep vulnerability assessments to quantify the exposure

Step 3: Collect and Organize the Outputs

As your client completes CyberPrep activities, collect the tangible outputs:

  • Reports from assessments and pen tests
  • Policy updates and incident response plan revisions
  • Training records and phishing simulation results
  • MFA deployment logs and enforcement evidence
  • Tabletop exercise facilitation notes and findings
  • Ransomware preparedness workbook completion

These don't automatically go to CNA. You organize them.

Step 4: Package Strategic Evidence for Renewal

As renewal approaches, decide which evidence tells the strongest renewal story. For example:

  • "This year, we completed a CyberPrep risk assessment (report attached) and identified three priority mitigation areas. We deployed MFA across all systems (evidence below), completed ransomware preparedness training (documentation below), and updated incident response procedures via CyberPrep tabletop exercises (plan attached)."

That's a completely different renewal conversation than "we still have the same controls we had at quote time."

When CyberPrep Is Most Valuable Before Renewal

CyberPrep is particularly valuable in three renewal scenarios:

1. When Posture Is Unclear

If your account has no recent picture of its external vulnerabilities, identity security posture, or response maturity, CyberPrep's Identify layer is directly relevant. External vulnerability assessments, pen testing, and risk assessments help the insured and broker stop guessing and start documenting.

For example: A client says "we think our security is pretty good," but you haven't actually scanned their external exposure in two years. A CyberPrep vulnerability assessment quantifies reality and gives you current evidence.

2. When Renewal Is Likely to Turn on Ransomware Controls

CNA publicly ties Epack 3 simplification to a shortened ransomware supplement for businesses below $100 million in revenue.[6] That means CyberPrep's mitigation services around endpoint protection (WatchGuard), MFA, response planning, and ransomware preparedness (MoxFive) are especially valuable before the renewal clock starts.

For example: Your client will face the ransomware supplement again at renewal. Using MoxFive's ransomware preparedness service and deploying WatchGuard endpoint protection between now and renewal directly addresses what CNA is going to evaluate.

3. When the Account Needs Better Narrative Discipline

Many renewals are not blocked by lack of tools. They're blocked by lack of coherent proof and ownership. Your client may have EDR and MFA, but if they can't show documented evidence of testing, training, or operational maturity, the renewal conversation is harder.

CyberPrep can improve the underlying posture, but the broker still needs a system for turning that improvement into a clear renewal packet. That's where CyberPrep + BindLedger workflows are powerful.

Why CyberPrep Matters for Small-Business Books

CNA's public small-business materials are explicit about who they're serving: small firms still represent the overwhelming majority of cyber claims, and smaller organizations often lack phishing tests, incident-response plans, and appropriate offline backup storage.[6]

For SMBs especially, CyberPrep is relevant because it gives smaller insureds access to services that might otherwise feel enterprise-only. A $15M revenue company can't afford to hire a full-time security team, but they can access CyberPrep's Cofense training, WatchGuard endpoint controls, and MoxFive ransomware preparedness—often at preferred pricing or as included value.

For a broker or MSP managing a small-business book: You're not asking clients "do you have cybersecurity?" You're helping them move through a simpler cycle:

  1. Identify the gaps (CyberPrep assessments)
  2. Mitigate the ones that matter most (CyberPrep-affiliated vendors like Cofense, WatchGuard, MoxFive)
  3. Show up at renewal with a better-documented control story (organized evidence)

That changes the renewal conversation entirely.

CyberPrep + BindLedger: A Complementary Workflow

BindLedger and CyberPrep solve different parts of the cyber renewal problem.

CyberPrep: Helps organizations identify cyber gaps and actively reduce risk through vendor services and structured frameworks.

BindLedger: Helps brokers organize what carriers can already see from the outside, collect the evidence carriers still need, and package it for specific renewal conversations.

The smartest workflow looks like this:

  1. Scan with BindLedger to get the outside-in cyber picture
  2. Prioritize with CyberPrep to close the most material gaps
  3. Collect evidence from the CyberPrep work (reports, training records, deployment logs, policy updates)
  4. Package with BindLedger's Carrier Decoder tool (/tools/supplement-parser) to organize evidence against renewal requirements
  5. Submit for renewal with a coherent, documented improvement narrative

This is especially useful for MSP-led books. An MSP already manages endpoint protection, MFA, backup strategy, and awareness tools across multiple clients. CyberPrep can strengthen that operational work. BindLedger can make the resulting evidence reusable at renewal time, instead of leaving it scattered across vendor portals and email attachments.

Converting CyberPrep to Renewal Evidence: A Real-World Example

Here's how this works in practice:

Initial Quote (Year 1): Client submits application showing:

  • MFA on critical systems only
  • EDR deployed to 70% of endpoints
  • Backups tested once per year
  • No formal incident response plan

CNA approves with a premium and a note: "Recommend EDR on all endpoints and formal incident response planning."

Between Quote and Renewal: Client engages CyberPrep:

  • Uses CyberPrep risk assessment to identify gaps
  • Works with WatchGuard (CyberPrep vendor) to deploy EDR to all endpoints, documented with deployment logs and console access evidence
  • Completes Cofense (CyberPrep vendor) phishing awareness training, documented with participation records
  • Participates in CyberPrep tabletop exercise to develop incident response plan, documented with finalized response plan

Renewal Submission: Broker packages evidence saying: "Since initial submission, we have:

  • Deployed EDR to 100% of endpoints via WatchGuard CyberPrep service (see deployment logs)
  • Completed annual phishing awareness training via Cofense CyberPrep program (see training records)
  • Formalized incident response plan via CyberPrep tabletop exercise (see finalized plan)

These improvements directly address CNA's renewal recommendations and demonstrate active risk reduction."

Result: CNA sees documented progress and prices the renewal more favorably—often with a lower premium or better terms.

FAQ: CyberPrep for Brokers and Insureds

Q: Is CyberPrep required to maintain CNA cyber coverage?

A: No. CyberPrep is an optional program available to all CNA cyber policyholders. However, participation and demonstrated use of CyberPrep services significantly strengthens renewal conversations. Non-participation is not a coverage barrier, but it's a missed opportunity for renewal positioning.

Q: Do CyberPrep reports automatically get shared with CNA at renewal?

A: No. CNA explicitly states that reports from CyberPrep vendors will not be shared with CNA unless the insured and broker choose to do so. You control what gets packaged into the renewal submission. This is actually beneficial because your client can work through vulnerabilities and improvements without every finding automatically becoming an underwriting issue.

Q: How much does CyberPrep cost?

A: CyberPrep is structured as a network of preferred-pricing and value-added services. Some services are included with CNA cyber coverage; others are offered at preferred (discounted) rates. Specific pricing depends on the service vendor and your client's situation. This should be discussed directly with CNA or your CNA broker contact.

Q: If our client uses CyberPrep, does that guarantee better renewal pricing?

A: Not automatically. Better renewal pricing comes from documented risk reduction. If your client completes CyberPrep activities but doesn't organize and present the evidence at renewal, CNA may not credit the work. The evidence workflow matters. Use CyberPrep to improve operationally, then package that improvement into renewal evidence using tools like BindLedger's Carrier Decoder.

Q: Is CyberPrep useful for clients who already have strong controls?

A: Yes, for different reasons. If your client already has strong MFA, EDR, and backup architecture, CyberPrep's value is in advanced work: penetration testing, tabletop exercises, incident response optimization, and ransomware preparedness. Even strong clients benefit from external validation and structured improvement frameworks.

Q: How do I position CyberPrep to a small-business client who thinks "cybersecurity is IT's job"?

A: Reframe it as a simplified improvement cycle: "CNA offers services to help you understand where your cyber gaps are (Identify), close the ones that matter most (Mitigate), and be ready if something happens (Respond). This work makes your renewal conversation easier because we can show CNA you're taking cyber seriously." Most small business owners don't resist cyber improvement—they resist complexity. CyberPrep simplifies it.

Where to Go Next

If you're ready to strengthen a CNA renewal:

  1. Start here: Run BindLedger's free readiness check to understand your client's current external posture.

  2. Identify gaps: Compare readiness check results against what your client will face at CNA renewal. What's missing?

  3. Engage CyberPrep: Work with CNA to leverage CyberPrep services that address your client's top renewal gaps. Focus on Identify (assessments) and Mitigate (WatchGuard, Cofense, MoxFive) work.

  4. Collect evidence: As your client completes CyberPrep work, systematically collect reports, training records, deployment logs, and documentation.

  5. Package for renewal: Use BindLedger's Carrier Decoder to organize evidence against CNA's likely renewal questionnaire. Build a coherent improvement narrative.

  6. Reference other carriers: If you're shopping renewal to other carriers, check our guides on Beazley cyber insurance and other carriers to compare positioning across markets.

Cross-Carrier Context

CyberPrep is unique to CNA, but other carriers offer similar risk-services programs. Here's how CNA compares:

  • CNA CyberPrep vs. Beazley Risk Intelligence: Both offer risk assessments and mitigation services. Beazley's model is less vendor-specific; CyberPrep names specific partners (Cofense, WatchGuard, MoxFive). For implementation, CyberPrep is often easier operationally because recommended vendors are pre-vetted.

  • CNA CyberPrep vs. Chubb Cyber Services: Chubb offers cyber-risk services but is more focused on claims response than pre-loss mitigation. CyberPrep's strength is in the improvement phase before claims.

For detailed comparison, see our main CNA application guide.

Bottom Line

CNA CyberPrep is most powerful when you use it operationally—not as a marketing feature, but as a structured framework for improving your client's cyber posture between renewals.

The three-part model (Identify, Mitigate, Respond) mirrors how you should think about cyber renewals: understand current posture, close the gaps that matter, and ensure incident readiness. The named vendors (Cofense, WatchGuard, MoxFive) give you specific partners to recommend. The eRiskHub portal provides ongoing support. And the critical clarification—that you control what gets shared with CNA—means you can work through improvements strategically.

The brokers who win at cyber renewals aren't the ones with the slickest tools. They're the ones who help their clients improve continuously between quotes and renewals, organize that improvement into clear evidence, and present it coherently at renewal time.

CyberPrep is the operational backbone. BindLedger helps you organize and present it. Together, they strengthen your renewals materially.



Sources

[1] CNA. (2024). CyberPrep: A Proactive Program of Cyber Risk Services. Risk Control and Underwriting Partnership Documentation.

[2] CNA. (2024). CyberPrep Public Brochure. CNA Cyber Products Overview.

[3] CNA. (2024). Epack 3 Cyber Insurance Product Brochure. Named Vendor Partners and Service Offerings.

[4] NIST. (2022). Cybersecurity Framework (CSF 2.0). National Institute of Standards and Technology. Available at https://www.nist.gov/cyberframework.

[5] BindLedger. (2024). Carrier Decoder Tool. Cyber Insurance Evidence Organization and Application Parsing.

[6] CNA. (2024). Small Business Cyber Risk Management. Public SMB Cyber Insurance Materials.