What Cyber Insurance Underwriters Ask AI Startups
The cyber insurance application is a security audit in disguise. What underwriters check in 2026, the AI exclusions creeping in, and when coverage is real.
TL;DR: The cyber insurance application that lands on your desk is not an insurance document. It’s a security audit in disguise — the same MFA, EDR, backup, and incident-response questions an enterprise security review or a SOC 2 auditor will ask you, rephrased by an actuary. That’s good news if you treat it that way: do the controls work once and insurance, compliance, and enterprise sales all get cheaper together. It’s very bad news if you treat it as paperwork, because a checkbox you answered optimistically can void the whole policy — carriers have already rescinded coverage over a misrepresented MFA answer. And if you’re an AI company there’s a new layer: insurers are quietly carving AI out of some policies while affirmatively covering it in others, and the difference is in endorsement language nobody reads until the claim is denied.
Why this questionnaire is on your desk at all
Almost no pre-Series-A founder wakes up wanting cyber insurance. The questionnaire shows up for one of three reasons: an enterprise customer’s procurement team made coverage a contract condition, an investor’s term sheet or board asked for it, or a compliance framework you’re chasing listed it as an expected control. In other words, it arrives the same way SOC 2 arrives — as a revenue gate, not a security initiative.
That origin matters, because it tells you how to size the decision. The question is almost never “do we philosophically believe in risk transfer.” It’s “this $180K contract requires $2M in cyber liability coverage — what’s the cheapest path to a policy that will actually pay out.” Both halves of that sentence deserve attention. Founders reliably optimize the first half and skip the second, and the second is where the trap is.
The application is a security audit with a premium attached
Ten years ago, cyber insurance applications were a page of revenue questions. Today, underwriting has quietly become a technical audit. The 2026 application asks, in some order, about four control families — and the bar for each has moved from “do you have it” to “prove it”:
MFA, everywhere that matters. Not “do you offer MFA” — is it enforced on email, VPN or remote access, cloud admin consoles, and every privileged account. Underwriters treat available-but-optional MFA as a no, and surveys of carrier requirements put enforced MFA on effectively every application in 2026. For a ten-person startup living in Google Workspace, GitHub, and AWS, this is a config afternoon, not a project. Do it before you apply, not in the two weeks after the incident.
EDR on endpoints and servers. Carriers ask what endpoint protection you run, and legacy antivirus no longer counts — the expectation is a real EDR agent, increasingly with someone watching the alerts. For a small team this is one of the few line items that costs actual money, and it’s also one of the first things an enterprise security reviewer asks about, so you were buying it anyway.
Backups you have restored, not backups you have. The questions now cover frequency, immutability, and — the part teams fail — evidence of a tested restore. “We have backups” answered honestly means “we have run a restore and it worked, and we can show the log.” If you can’t, the honest answer is no, and you should go earn the yes before you sign.
A written incident response plan. Underwriters ask whether you have one and, increasingly, whether you’ve exercised it in the last year. At pre-Series-A this doesn’t need to be a 40-page binder — it needs to be a real document that names who declares an incident, who talks to customers, and who calls the carrier’s breach hotline (that last one is in the policy for a reason: call them first, or you may find “unapproved vendor costs” aren’t covered).
Notice what that list is. It’s the same list an AI-native security program starts with, and the same list on every enterprise security questionnaire you’ll ever receive. The insurance application is not extra work; it’s a third buyer for work you already owe two other people. That’s the reframe that makes this whole topic cheap: build the controls once, then let the auditor, the procurement reviewer, and the underwriter each read their copy of the same evidence.
The checkbox that voids the policy
Here’s the part the broker’s glossy PDF underplays. A cyber policy application is a legal representation, usually signed by an officer of the company. Answer a control question wrong — even sloppily rather than maliciously — and the carrier has grounds to rescind the policy after the incident, when you need it most.
This isn’t theoretical. In 2022, Travelers sued its own insured, International Control Services, after a ransomware attack revealed the company had attested to MFA it wasn’t actually using. The application had been signed by the CEO and the person responsible for network security. The outcome: ICS agreed to a judgment rescinding the entire policy — not a denied claim, a policy treated as if it never existed. Brokers now cite the case as the reason to answer application questions with care, and carriers have kept raising misrepresentation issues on incorrect application answers since.
The founder-brain failure mode here is exactly the one that fills out enterprise security questionnaires optimistically: “we basically have MFA, we’re rolling it out, close enough — check.” On a sales questionnaire that costs you credibility. On an insurance application it costs you the coverage. If the true answer is “partially,” say partially, or fix it first. A policy bought with a wrong checkbox is paper, not coverage — you’re paying premiums for a document the carrier can walk away from precisely when it’s expensive for them to stay.
The AI layer: covered, excluded, and silently ambiguous
If you’re building an AI product, there’s a second reading assignment, because the insurance industry is actively redrawing lines around AI right now and your policy sits on one of them.
Three things are happening at once:
General liability and E&O are adding AI exclusions. In January 2026, ISO — the organization whose standard forms most carriers build on — issued three new generative-AI exclusion endorsements for commercial general liability, barring coverage for harms tied to generative-AI outputs: defamatory content, IP infringement in generated material, damages traceable to AI-driven errors. On the professional-liability side, at least one carrier has filed an absolute AI exclusion for D&O and E&O lines covering “any actual or alleged use, deployment, or development of Artificial Intelligence.” For a company whose entire product is AI, an exclusion with that language is close to an exclusion of the company.
Cyber policies, by contrast, are mostly affirming AI. The cyber line has moved the other way: carriers are affirming coverage for AI-driven attacks rather than excluding them. Coalition added an affirmative AI endorsement clarifying coverage for AI-related security events — including deepfake-driven fraudulent instructions — and later folded it into its base policy. So the attack surface where AI is the weapon pointed at you is increasingly explicitly covered.
A new product category is forming for the gap in between. Harms caused by your model’s own behavior — hallucinations, model underperformance, output errors — are the gap classic cyber never contemplated, and standalone products like Armilla’s Lloyd’s-backed AI liability policy and Munich Re’s aiSure are emerging to cover exactly that. Most pre-Series-A companies don’t need these yet. You need to know they exist so you stop assuming your cyber policy covers what they cover.
The practical takeaway is a reading exercise, not a buying exercise: when the quote comes back, find the AI language. Is there an AI exclusion, an affirmative AI endorsement, or silence? Silence is the worst answer, because silent-AI ambiguity gets resolved in court after the claim. And expect the application itself to grow AI-specific questions — which third-party LLM providers you depend on, what customer data reaches them, whether customer data trains models. Those are the same questions enterprise security reviews already ask AI vendors, which is one more argument for having real answers instead of aspirational ones.
What it actually costs, and how founders get the sizing wrong
The good news: at startup scale this is one of the cheaper line items in the security budget. Market surveys put small-business cyber premiums around $1,500–1,800 a year for $1M in coverage, with startup-specific estimates in the $750–2,500 range for basic coverage and typical policy limits running $1M to $5M. Your actual number moves with how much sensitive data you hold and how good your controls look on the application — the same controls above, which is why doing them first isn’t just integrity, it’s a discount.
The two sizing mistakes I see, in both directions:
Underbuying by accident: taking the $1M minimum because it’s the default, when the enterprise contract that triggered the purchase explicitly requires $2M or names coverage types (breach response, business interruption, tech E&O) the cheap policy omits. Read the insurance clause in the customer contract before you get quotes; it’s the actual spec.
Overbuying from fear: a five-person pre-revenue team with no meaningful customer data buying a $5M tower plus riders because an incident headline scared the board. If no contract requires it and you hold nothing worth breaching yet, the premium is usually better spent on the controls themselves — the prioritization math is the same as the security-hiring math: spend where the risk actually is at your stage, not where the vendor’s fear content points.
The honest decision rule: buy when a contract, a board, or real data-holding demands it; size to the strictest contract you’re signing; and never buy coverage as a substitute for the controls, because the application will force the controls anyway and a policy without them is rescindable paper.
Do the work once
Strip the actuarial wrapper off and the cyber insurance application is the third appearance of the same exam: enforced MFA, real endpoint protection, tested backups, a written IR plan, straight answers about your AI supply chain. The SOC 2 auditor asks it with a different rubric. The enterprise procurement reviewer asks it in a spreadsheet with 240 rows. The underwriter asks it with a premium — and, as ICS found out, a rescission clause — attached.
Companies that treat those as three separate fire drills do the work three times, badly, under three deadlines. Companies that build the controls once, with evidence, answer all three from the same folder. That’s the whole trick, and it’s very achievable at a five-person company — most of the list is configuration and documents, not headcount.
If a customer contract just made coverage urgent and you want the application answered truthfully and quickly — controls stood up in the right order, evidence that satisfies the underwriter and the next security review in one pass — that’s exactly the kind of engagement I run.