Paid assessment
Cyber Insurance Readiness Assessment.
$2,500 fixed-fee. Two weeks. A 15-page written report mapped to your carrier's actual 2026 questionnaire, with a prioritized remediation roadmap and honest cost estimates. No retainer required. No upsell tax.
Who this is for
The assessment was built for three specific situations. If you recognize yourself in any of them, this is probably the right next step.
Renewal is 60–120 days out
Your carrier sent a longer questionnaire than last year, the broker is asking about EDR and immutable backups, and you have a quiet suspicion that the answers in last year's renewal were optimistic. You want a clean third-party answer set and a remediation plan before the underwriter reads it.
Recently declined or non-renewed
A carrier walked away — or quoted a premium that doesn't make sense. You need a written, defensible position on what's actually in place, what's missing, and what it will cost to close the gap so the next carrier conversation starts from facts, not guesswork.
Owner wants to know what they don't know
Nobody has breached you that you know of, but the news keeps showing businesses your size getting hit. You want an outside professional to tell you the honest truth: where you'd actually fail, what to fix first, and what the bill looks like — without a sales pitch attached.
What you get
A 15-page PDF report plus a sourced evidence folder. Owner-readable up front, technical detail in the back. Written so a broker, an underwriter, your bookkeeper, and your next IT provider can each find what they need.
Executive summary
Two pages, owner-readable. Overall posture rating, the three things that matter most, the financial exposure if a ransomware event lands tomorrow.
Control dashboard
A one-page heat map across 14 control families — identity, endpoint, email, network, backup, vendor risk, response, training, governance. Green / amber / red, no fluff.
Gap analysis
Plain-English description of each amber and red finding, what it means in business terms, and the realistic chance an underwriter or attacker will exploit it.
Risk register
Each gap scored on likelihood, impact, and effort to remediate. Sortable so an owner can see the highest-ROI fixes at a glance.
Insurance questionnaire crosswalk
Your actual carrier questionnaire mapped line-by-line to the evidence we found. Every answer is sourced, so when you sign the renewal application you know what you're attesting to.
Prioritized roadmap
A 30 / 60 / 90-day plan. What to fix this month, this quarter, this year. Sequenced so that earlier fixes unlock later ones.
Cost estimate
Honest numbers, not ranges. Per-seat licensing, one-time project work, ongoing managed-services costs if you want them. Itemized so you can buy à la carte if you prefer.
The process — two weeks, in seven steps
Everything is scheduled around your operating hours. We do not interrupt the business — interviews are short, evidence is dropped on your own clock, and the only firm meeting on your calendar is the walkthrough call near the end.
- 1
Day 0
Scoping call (30 minutes)
Free. We confirm fit, agree on scope, and book the kickoff. No assessment fee charged until you sign the engagement letter.
- 2
Day 1
Kickoff + retainer
Engagement letter signed, 50% retainer invoiced, evidence-collection checklist sent. We schedule the interview week.
- 3
Day 2–4
Evidence collection
Read-only access to M365 tenant, network diagrams, vendor list, existing policies and SOPs, last year's insurance application. You drop files into a shared workspace at your own pace.
- 4
Day 5–7
Interviews
Two to four conversations: owner, whoever handles IT today, often the bookkeeper or operations lead. 30–45 minutes each. We listen for the gap between what's documented and what actually happens.
- 5
Day 8–10
Draft report + internal review
We assemble findings, write the narrative sections, and do an internal quality pass before anything reaches your desk.
- 6
Day 11–13
Walkthrough call
We present the draft to you (and your broker if you want them on the line). You push back, we adjust, we agree on language.
- 7
Day 14
Final delivery
Final PDF delivered, source evidence handed over, final invoice issued. The report is yours — share it with your broker, your board, your next IT provider, whoever needs to see it.
What this assessment does not do
Honesty about scope is part of the deliverable. Here is what we explicitly do not promise.
This is not a penetration test
We are not attempting to exploit your systems. If you want a pen test, we can refer you to a Canadian firm that does that work properly — typical cost is $12,000–$30,000 and a different kind of engagement entirely.
This is not legal or insurance advice
We write a technical and operational report. Your broker, lawyer, and underwriter make the insurance and legal decisions. We give them the facts; they make the calls.
This is not a guarantee against breach
No assessment can promise you won't be breached. What we can promise is that you'll know where you actually stand and what closing the gap costs, before something forces the conversation.
This is not a sales pitch in disguise
About 70% of assessment clients move to a managed retainer afterward — but the report is a real standalone deliverable. If the right call is to fix one or two things and stay with your current provider, that's what we'll write.
Pricing — said out loud
- $2,500 CAD fixed-fee. Not an estimate. Not a starting point. The number on the engagement letter is the number on the final invoice.
- 50% retainer at kickoff, 50% on delivery. Net 15 invoicing. e-Transfer or cheque accepted.
- Full credit toward retainer if you convert within 90 days. $2,500 applies against the first three months of a Cyber Essentials + Managed IT or Cyber Premium engagement.
- No expansion of scope without your written sign-off. If something genuinely outside scope appears mid-engagement, we stop, explain it, quote it, and let you decide.
Frequently asked questions
How long does it take?
Two weeks end to end, from signed engagement letter to final PDF. We can move faster for a renewal deadline if needed — talk to us on the scoping call.
What if you find something serious?
If we find evidence of an active or recent compromise, we tell you the same day and walk you through immediate containment options. The full report is still delivered on schedule. Active incidents are billed separately if they require response work beyond the assessment scope.
Can my broker see the report?
Yes — and most brokers love it. The questionnaire crosswalk section is written specifically so a broker can use it directly when submitting the renewal application. We will also join a call with your broker at no extra charge if that helps.
What if I already have an MSP or internal IT?
Most of our assessment clients do. The report is written respectfully — it is not a hit piece on your current provider. Many internal IT leads and MSPs welcome an outside review because it gives them ammunition for budget conversations they have been losing for years.
Is this enough for my insurance renewal on its own?
The assessment itself is not the policy — your carrier still issues the policy. But the documented evidence, written gap analysis, and remediation roadmap are what carriers increasingly demand for renewal at favourable rates. Clients who arrive with a written assessment routinely see 10–25% premium reductions versus arriving with a self-answered questionnaire.
Does the $2,500 credit toward something?
Yes. If you convert to a Cyber Essentials + Managed IT or Cyber Premium retainer within 90 days of report delivery, the full $2,500 credits against your first three months of managed services. The credit applies once per engagement.
Ready to know where you actually stand?
The scoping call is free and takes 30 minutes. If we are not a fit, we will tell you on the call.