Pass the questionnaire
and pay less.
Insurance carriers now ask hard questions. MFA on every account. Tested backups. EDR deployed. IR retainer. Train your users. If you can't answer yes with evidence, your premium goes up or coverage gets denied. We close those gaps before renewal.
Everything you need, none of the upsell.
Real deliverables, with the boundaries written down. So you know what you're paying for and what counts as extra.
Every question, evidenced.
Standard carriers and brokers ask similar questions. We map yours to evidence in advance so application is a copy-paste.
Fix what's missing.
MFA, EDR, backup, IR plan, training. The big five. We deploy what's missing and document what's already there.
We talk to your broker.
Optional joint call with your broker to validate the questionnaire and discuss control depth. Stronger answers, better quotes.
60 days out.
Pre-renewal review of changes, incidents, and control posture. So renewal is boring instead of expensive.
The order we work in.
A clear sequence so you can budget time, money, and risk against the work.
Application Review.
Pull last year's application and quote. Identify weak answers and missing evidence.
Gap Close.
Deploy missing controls. Document existing ones. Generate evidence artifacts.
Resubmit.
Refresh the application with stronger answers and supporting documentation.
Renew.
Annual renewal prep 60 days out. Track changes that affect rate or coverage.
Get a quote on cyber insurance readiness.
Tell us a bit about your environment and we'll come back with a scoped proposal in two business days. No obligation, no pressure.
Request a Quote Back to ComplianceClosing the gap between what insurers require and what you actually have in place.
Cyber insurance carriers in Canada have significantly tightened their underwriting requirements since 2020. A business that could obtain coverage with basic virus protection and a backup drive now faces questionnaires with 40-60 technical questions covering MFA enforcement, EDR deployment, backup testing, IR planning, vendor access controls, and security awareness training. If you answer no to enough of those questions, coverage is denied or your premium increases substantially. If you answer yes but cannot produce evidence during a claim investigation, coverage may be disputed.
North Star's cyber insurance readiness service works backward from the questionnaire. We review the specific questions your insurer asks (or the questions from the Insurance Bureau of Canada's standard questionnaire format), assess your current controls against each requirement, identify the gaps, close them before your renewal date, and produce the documentation you need to answer yes with evidence. For a Prince George manufacturing company renewing its commercial lines with a new cyber endorsement requirement, that might mean enforcing MFA on all Microsoft 365 accounts, deploying EDR on all endpoints, moving to tested immutable backups, and producing a written IR plan. We handle all of that as a scoped project with a defined timeline relative to your renewal date.
- Questionnaire gap analysis: we review your insurer's current questionnaire and map each control question to your existing security posture. You see exactly where the gaps are before renewal.
- Control remediation: we close identified gaps in priority order relative to your renewal date. MFA, EDR, backup testing, and IR planning are the controls most commonly flagged by insurers.
- Evidence package: documentation of every control in place: MFA enforcement screenshots, EDR deployment logs, backup restore test reports, and training completion records. Formatted for an insurer's claims team, not just your IT team.
- Incident response plan: written IR plan documenting escalation paths, containment procedures, notification obligations under BC PIPA and PIPEDA, and breach response contacts (legal, insurance broker, IT).
- Vendor access review: insurers frequently ask about third-party access to your systems. We review and document all vendor remote access, ensure it is MFA-protected, and remove stale access.
- Broker support: North Star can participate in a call with your insurance broker to explain the technical controls in place, clarify questionnaire responses, or provide a written attestation of the security configuration.
- Renewal timeline planning: we scope the remediation project with your renewal date in mind so work is complete before the questionnaire must be submitted.
BC and AB businesses facing a first cyber policy or a tightened renewal.
Cyber insurance readiness is relevant for three groups of businesses. First, businesses applying for a standalone cyber insurance policy for the first time and discovering that the underwriting requirements are more extensive than they expected. Second, businesses at renewal whose insurer has added new requirements (MFA, EDR, tested backups) that were not required at the last renewal and now must be met before coverage is confirmed. Third, businesses that answered the questionnaire at the last renewal and are not confident that the answers were accurate.
In British Columbia and Alberta, cyber insurance is becoming standard in commercial insurance packages rather than an add-on. Commercial banks, enterprise clients, and government procurement increasingly require proof of cyber coverage as a condition of doing business. For businesses in oilfield services, construction, and professional services working with larger enterprise clients, a failure to obtain or renew cyber coverage can be a contract-ending event.
Businesses that have had a prior cyber claim are subject to particularly detailed underwriting and may face premium increases or coverage restrictions. North Star can assist with post-incident remediation and the documentation required to satisfy an insurer that the conditions that led to the claim have been addressed before renewal.
Scoped project priced relative to gap count and timeline.
Cyber insurance readiness is a project engagement priced based on the number of control gaps identified in the gap analysis and the time available before your renewal date. A business with strong existing controls and a few gaps closes in a matter of weeks. A business starting from a low baseline with a 90-day runway requires more work. The gap analysis is the first step and is priced separately before the remediation project is scoped. Remediation work can be absorbed into ongoing managed IT services at a reduced project rate for existing managed services clients. Contact North Star at least 90 days before your renewal date for the best outcome.
What clients ask before starting.
What controls do insurers most commonly require?
The five controls Canadian cyber insurers most consistently require are: MFA enforced on all accounts and all remote access; EDR deployed on all endpoints (not just antivirus); immutable off-site backups with documented restore testing; a written incident response plan; and ongoing security awareness training for staff. These five controls appear in the majority of Canadian insurer questionnaires and are the first things a claims team will ask for evidence of after an incident. If you have all five in place with documentation, you are in a strong position for underwriting.
What if we cannot close all gaps before our renewal date?
Partial remediation is better than none. Insurance brokers can sometimes negotiate a coverage binder while remaining controls are addressed, particularly if the most critical controls (MFA, EDR) are already in place. North Star prioritizes the remediation sequence to close the highest-risk gaps first, so that even if the full project is not complete by renewal, the insurer sees meaningful progress on the items they weight most heavily. We also produce a written remediation plan showing what remains and the committed timeline, which brokers can present to the underwriter.
Can you help us after a claim?
Yes. If you have had a cyber incident and a claim is in process, North Star can assist with post-incident remediation, forensic documentation of what was in place at the time of the incident, and the technical controls required to demonstrate to the insurer that the vulnerability has been addressed. We can also participate in calls with your insurer's incident response vendor if they have deployed one under the policy. Contact us immediately when an incident occurs rather than waiting until the claim process is underway.
How does this relate to BC PIPA and PIPEDA?
BC PIPA and PIPEDA both require organizations to implement reasonable security safeguards to protect personal information. A cyber insurance questionnaire and a regulatory compliance assessment cover a lot of the same ground. Closing the gaps identified in the insurance questionnaire typically also improves your posture under privacy legislation. If you experience a breach after implementing the controls required by your insurer, you are in a substantially better position both to limit the damage and to demonstrate to the Office of the Information and Privacy Commissioner that you had reasonable safeguards in place.
We work backward from the questionnaire, not forward from a generic checklist.
North Star is based in Prince George and serves BC, Alberta, and the Yukon. We have reviewed the actual questionnaires used by major Canadian cyber insurers and we know exactly which controls they weight most heavily. We do not run a generic security improvement program and hope it satisfies the insurer; we map the questionnaire requirements to your environment and close the specific gaps it identifies. Every engagement produces an evidence package that you can hand directly to your broker or a claims team. We speak plain language to non-technical business owners and to insurance professionals equally, and we stay accountable through your renewal date.