BastionSec
Cross-cutting · Cyber Insurance

A stronger posture, a better risk profile: we prepare your company for cyber cover.

Cyber insurers assess how protected you are: certifications, MFA, backups, access management. We put the controls in place and prepare you for the insurance questionnaire, so you reach the negotiation with a better risk profile.

  • Security controls aligned with what insurers ask for.
  • We prepare you for the insurance questionnaire with real evidence.
  • Consulting and facilitation: you take out the policy with your broker or insurer.
What we are (and aren't): we offer technical consulting and facilitation to improve your cyber risk profile. We are not an insurance intermediary: we don't sell policies, we don't provide regulated insurance advice and we don't underwrite cover. You take out the policy with your broker or insurer; we get you there ready.

Who it's for

Quick self-qualification: do you recognise yourself in one of these?

About to get insured

You want cyber cover and the insurer sent you a questionnaire packed with technical questions. We get you ready to answer well.

Paying high premiums

You already have a policy but the premium is steep or the terms tight. Improving controls can change the assessment.

Newly certified company

You earned ISO 27001 or SOC 2: it's the right moment to make those controls count with the insurer too.

Why security affects the premium

Cyber insurers price risk: before offering cover they want to know how exposed you are. They find out through a technical questionnaire probing MFA, backups, access management, training, incident response and certifications.

A company with solid controls and, better still, a recognised certification presents a lower risk profile. That can translate into better terms: it's facilitation, not a numerical promise. The final assessment stays with the insurer.

What we do

We work on the technical side: we genuinely make you safer and prove it.

Questionnaire review

We analyse the insurance questionnaire and find where you fall short of what's being asked.

Tuning the controls

We fix the controls that weigh in the assessment: MFA, backups, access, incident handling.

Evidence and certification

We build the evidence to present; where it makes sense, we take you to a certification that speaks insurers' language.

Negotiation prep

We help you reach the conversation with your broker or insurer with a clear, documented picture of your security profile.

Facilitating the dialogue

We act as a technical bridge between you and your insurance intermediary, translating requirements into concrete actions.

Keeping it up over time

At renewal the controls still need to be demonstrated: with the continuous-security retainer you stay ready.

How it works

A technical path, often downstream of a certification. The goal is a better, demonstrable risk profile.

  1. Initial assessment

     We take a snapshot of your controls against what insurers ask for.

  2. Gaps & priorities

     We find the gaps that weigh most in the assessment.

  3. Remediation

     We implement the missing controls and gather the evidence.

  4. Preparation

     We fill in the questionnaire with you and prepare the documentation.

  5. Talking to the intermediary

     You go to your broker/insurer with a solid profile; we facilitate the technical side.

Controls insurers look at most

  • MFA on email, privileged accounts and remote access.
  • Regular, tested and protected backups (offline or immutable).
  • Access management and least privilege.
  • Anti-phishing training and incident handling.
  • Patch management and endpoint protection.
  • Recognised certifications (e.g. ISO 27001) as a shorthand signal of maturity.

Model and pricing

This is consulting and facilitation, typically on request or as an upsell downstream of a certification or data-protection path. We define the scope after the initial assessment.

Often the most efficient route is to start with certification (which improves the profile on many fronts) and then use those controls and evidence in the dialogue with the insurer. See the pricing page.

Frequently asked

Do you sell cyber insurance policies?

No. We are not an insurance intermediary and we don't sell policies. We offer technical consulting and facilitation to improve your risk profile; you take out the policy with your broker or insurer.

Do you guarantee the premium goes down?

No, and be wary of anyone who promises it: the price is set by the insurer based on their assessment. What we do is genuinely improve the controls and make them demonstrable, which works in your favour.

Will you advise me on which policy to choose?

No: choosing the cover, limits and clauses is insurance advice, the remit of licensed intermediaries. We work on the technical security side and facilitate the dialogue with them.

Do I already need a certification?

No, but it helps a lot. A certification like ISO 27001 covers much of what insurers ask for. If you don't have one, it's often worth starting there.

What does 'facilitation' mean?

We act as a technical bridge between you and your broker/insurer: we translate the questionnaire's requirements into concrete actions and prepare the evidence. We don't enter the insurance contractual relationship.

Go deeper

ISO 27001

The certification that improves your risk profile across many controls insurers ask for.

Data Protection

Access, MFA, backups and encryption: the concrete controls that weigh in the insurance assessment.

Continuous security

The retainer that keeps controls demonstrable at policy renewal too.

Reach cyber cover with a better profile.

Tell us what you need: we review your controls against what insurers ask for and work out where to start.