Cyber Insurance Evidence Glossary

Clear definitions for the terms brokers, MSPs, and IT teams encounter during cyber insurance renewals. These definitions reflect how BindLedger uses each term and how they map to carrier underwriting expectations.

Cyber insurance evidence

Documentation, exports, logs, or attestations that demonstrate a security control is in place and operating. Evidence can be auto-verified (e.g., DNS records) or manually collected (e.g., MFA enrollment reports).

Control evidence

Proof that a specific security control is implemented and active. Different from a policy document, which describes intent. Control evidence shows the control is actually working.

Attestation

A formal statement by a responsible party (usually the insured or an authorized representative) confirming that a control is in place. Attestations are used when automated verification is not possible.

Carrier supplement

A questionnaire or additional form issued by an insurance carrier as part of the application or renewal process. Supplements contain questions about specific security controls and require evidence or attestation in response.

Renewal intake

The process of receiving, reading, and triaging a carrier renewal notice. Includes extracting deadlines, identifying required supplements, and routing questions to responsible parties.

Readiness check

An assessment of an organization's cyber insurance readiness based on observable security controls. BindLedger's free readiness check evaluates controls visible from public infrastructure (DNS, TLS, exposed services) and maps findings to carrier expectations.

Outside-in verification

Security assessment performed using only publicly observable data — DNS records, certificate transparency logs, TLS configuration, HTTP headers, and internet-facing services. Does not require authentication or tenant access.

Tenant-level evidence

Evidence that requires authenticated access to internal systems. Examples: MFA enrollment reports from Okta or Entra ID, EDR deployment coverage from CrowdStrike, backup configuration exports from Veeam. Cannot be verified from outside.

Evidence freshness

How recently evidence was collected or verified. Carriers increasingly expect evidence to be current (within 30–90 days of submission). Stale evidence may not satisfy underwriting requirements even if the underlying control hasn't changed.

Evidence provenance

The chain of custody and source of a piece of evidence. Includes when it was collected, from which system, by whom, and whether it was auto-exported or manually assembled.

Carrier-mapped readiness

The practice of aligning security findings and evidence to specific carrier questionnaire requirements. BindLedger normalizes questionnaire items into control-level evidence requirements so findings and evidence can transfer across carriers.

Remediation blocker

A finding that is likely to prevent policy issuance, cause a coverage exclusion, or trigger additional underwriting scrutiny. Common blockers include missing DMARC enforcement, publicly accessible RDP, and absent MFA.

Straight-through renewal

A renewal that proceeds without additional underwriting questions, supplemental requests, or evidence demands. Requires clean readiness posture and complete evidence documentation.

Client attestation

A statement from the insured organization (not the broker or MSP) confirming a control is in place. Required for controls that cannot be verified through technical exports or outside-in scanning.

MSP evidence

Technical exports or reports provided by a managed service provider demonstrating that security controls are deployed and operating in a client environment. Examples: EDR coverage reports, MFA enrollment summaries, patch compliance dashboards.

Broker review

The process by which an insurance broker reviews collected evidence, attestations, and readiness findings before submitting an application or renewal to the carrier.

Submission packet

A compiled set of evidence, attestations, readiness findings, and carrier-mapped documentation assembled for submission alongside a cyber insurance application or renewal. Not a replacement for the signed application itself.

Rescission risk

The risk that an insurer voids a policy retroactively because material misrepresentations were made in the application. Inaccurate attestations or unsupported evidence claims increase rescission risk.

Evidence packet

A structured collection of verified findings, collected evidence, open gaps, and carrier mappings assembled to support a cyber insurance submission. May include an executive summary, scan results, manual evidence checklist, and attestation references.

Control taxonomy

A standardized classification system for security controls referenced in cyber insurance underwriting. Common categories include email authentication, MFA, EDR, backup and recovery, privileged access, incident response, and security awareness training.