# AgileCT Cyber Insurance Readiness Snapshot

Use this as the free first-step questionnaire for Canadian SMB prospects. It is a directional readiness screen, not a formal audit, insurance application, or guarantee of coverage terms.

## Prospect Context

| Field | Notes |
| --- | --- |
| Company name |  |
| Industry |  |
| Employee count |  |
| Renewal or application date |  |
| Broker or carrier, if known |  |
| Main trigger | Renewal / first application / carrier follow-up / broker request / board concern |
| Current IT support model | Internal IT / MSP / co-managed / informal |

## Readiness Questions

Score each item:

- 0 = Not in place or unknown
- 1 = Partially in place, limited evidence
- 2 = In place, enforced, and evidence is current

| Control family | Score | Evidence to ask for |
| --- | ---: | --- |
| MFA coverage |  | Screenshot or report showing MFA on email, remote access, cloud platforms, and admin accounts |
| Endpoint protection and monitoring |  | EDR deployment report, endpoint coverage percentage, monitoring owner |
| Backup recoverability |  | Backup configuration, immutable/offline copy proof, latest restore test result |
| Patch management |  | Patch policy, SLA, compliance report, vulnerability remediation tracker |
| Email security |  | SPF, DKIM, DMARC status, anti-phishing controls, reporting workflow |
| Incident response plan |  | Written IR plan, named roles, escalation contacts, tabletop notes |
| Security awareness training |  | Completion report, phishing simulation results, follow-up training record |
| Vendor risk |  | Critical vendor inventory, security review notes, SOC report or questionnaire evidence |
| Logging and visibility |  | Log sources, retention period, alert owner, response workflow |
| Privileged access |  | Admin account list, access review record, shared-account exceptions |

## Score Interpretation

| Total score (0-20) | Interpretation | Suggested AgileCT offer |
| ---: | --- | --- |
| 0-9 | Evidence is missing or controls are unclear. | Free triage call, then Cyber Insurance Readiness Mini Review |
| 10-15 | Some controls exist, but evidence or ownership is likely incomplete. | Cyber Insurance Readiness Review |
| 16-20 | Core controls appear mature. Focus on packaging and freshness. | Evidence Pack + Tabletop |

## Follow-Up Questions

1. What did the insurer, broker, or application ask for that felt unclear?
2. Which answers from last year's application might no longer be accurate?
3. What changed in the business since the last renewal: new systems, vendors, remote work, cloud services, acquisitions, or new sensitive data?
4. Which evidence is controlled by the MSP, internal IT, finance, operations, HR, or a vendor?
5. Are any controls planned but not yet complete?

## Suggested Free-to-Paid Transition

If the prospect has a renewal or application date within 120 days, recommend a fixed-price Readiness Review. If the score is high but the prospect lacks organized documentation, recommend the Evidence Pack. If the score is low and the timeline is urgent, recommend a Renewal Sprint with clear remediation priorities.
