Cyber Insurance Checklist for Canadian Small Businesses: Are You Ready to Apply?
This cyber insurance checklist for Canadian small businesses covers the security controls and documentation you need before applying: MFA on all accounts, EDR on all devices, tested offsite backups, a patch management process, email authentication records, and a written incident response plan.
What Should a Cyber Insurance Checklist for Canadian Small Businesses Cover?
A cyber insurance checklist for Canadian small businesses should map every major area that insurers evaluate during underwriting: identity and access security, endpoint protection, data backup and recovery, email security, network and patch management, and administrative policies. Working through each area before applying lets you identify gaps early — when you still have time to fix them before submitting your application.
MFA Checklist: What to Verify Before Applying
Verify MFA is enforced on all email accounts including shared mailboxes, all cloud applications your business uses, all VPN and remote access systems, and all privileged administrative accounts. Confirm there are no accounts or systems that bypass MFA. Capture screenshots of your MFA enforcement settings for each platform as evidence for the insurer.
Backup Checklist: What to Verify Before Applying
Confirm daily backups are running and covering all critical business data. Verify that at least one copy is stored in a location separate from your primary network — either a separate cloud account or physical offsite media. Critically: document the date and result of your most recent restore test. If you have never tested a restore, do it now and record the outcome before applying.
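One way to produce the restore-test record described above, shown as an added example that is not part of the original article: it hashes every file in a source folder and in the restored copy, then reports missing or altered files with a timestamp. The function names, folder layout and sample files are assumptions constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large backups do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def restore_test_record(source_dir, restored_dir):
    """Compare a restored copy with its source and return a dated evidence record."""
    expected = build_manifest(source_dir)
    actual = build_manifest(restored_dir)
    missing = sorted(set(expected) - set(actual))
    corrupted = sorted(k for k in expected.keys() & actual.keys()
                       if expected[k] != actual[k])
    # An empty source is a FAIL: a backup of nothing proves nothing.
    ok = bool(expected) and not missing and not corrupted
    return {"tested_at_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "files_expected": len(expected), "missing": missing,
            "corrupted": corrupted, "result": "PASS" if ok else "FAIL"}

def demo():
    """Constructed sample: one file altered and one file absent after restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        for d in (src / "finance", dst / "finance"):
            d.mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "clients.txt").write_text("Acme Ltd\n")
        (dst / "finance" / "ledger.csv").write_text("id,amount\n1,1OO\n")  # altered
        return restore_test_record(src, dst)  # clients.txt was never restored

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice, build the manifest when the backup is taken so that files edited afterwards are not reported as corrupted.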
Endpoint Security Checklist: What to Verify Before Applying
Confirm an EDR solution is installed and active on all endpoints including remote worker laptops. Verify all devices are running supported operating systems with automatic updates enabled. Confirm your EDR solution is actively managed — alerts are being reviewed and responded to. Document the name of the EDR product and the percentage of devices covered.
Documentation Checklist: What to Gather Before Applying
Gather copies of: your information security policy, your incident response plan, security awareness training completion records for all employees from the past 12 months, backup logs showing recent successful backups and restore test records, patch management reports, and MFA and EDR configuration screenshots. Having these documents organized before you submit your application significantly accelerates the underwriting process.
Frequently Asked Questions
What should a cyber insurance checklist for a Canadian small business include?
A cyber insurance checklist for a Canadian small business should include: MFA enforcement verification across all accounts, EDR deployment confirmation on all devices, backup verification with restore test records, email authentication check (SPF, DKIM, DMARC), patch management currency review, and documentation gathering (incident response plan, security policy, training records).
How long does it take to complete a cyber insurance checklist for a small business?
Completing a cyber insurance checklist for a small business typically takes 1 to 2 weeks if most controls are already in place. If significant gaps exist, implementing the required controls can take 2 to 6 weeks.
Should I complete a cyber insurance checklist before or after getting a quote?
Complete the checklist before getting a quote. Working through the checklist first lets you identify and fix gaps before they affect your underwriting outcome.