Major carriers now pull your security rating during underwriting. A D or F can trigger a declination — or a 40% premium surcharge. Here's what underwriters are looking for.
The cyber insurance market hardened dramatically between 2021 and 2024 after a surge in ransomware claims. As a result, major carriers began using external security ratings as a key underwriting signal — and the practice is now industry-standard.
Underwriters at Chubb, AIG, Travelers, Beazley, and Coalition all use some combination of external security ratings during the application review. Here's how each rating level typically translates to an underwriting outcome:
| Grade | Score | Typical Underwriting Outcome |
|---|---|---|
| A / A+ | 90–100 | Best available rates, streamlined application, minimal questionnaire |
| B / B+ | 80–89 | Standard rates, straightforward approval |
| C | 70–79 | Additional questionnaire required, moderate surcharge, possible exclusions |
| D | 60–69 | Significant surcharge (20–40%), major exclusions, manual review required |
| F | 0–59 | High likelihood of declination or non-renewal. Some carriers will not bind. |
For a company paying $50,000/year in cyber insurance premiums, moving from D to B can save $10,000–$20,000 annually. Our average consulting engagement costs less than one year's worth of those savings — meaning the remediation typically pays for itself in year one.
Get your free assessment and see how much you could save on cyber insurance premiums.
Get My Free Assessment