What Underwriters Really See: From Application Pitfalls to Threat Intel

Alan Gin, CEO, ZeroDown Software
A rare insider’s perspective on the vital role underwriting plays in cyber insurance. Beyond financial protection, proactive risk management, accurate applications, and strong security controls work together to keep businesses resilient.

This is a companion blog to the summer series of The SafeHouse podcast, hosted by operational resilience and disaster recovery veteran Jeff Edwards. Accompanying Jeff is our special ‘Summer Series’ guest host, Tawana Johnson, cyber breach coach at Lewis Brisbois. Together, they bring a unique blend of legal, technical, and strategic expertise to this compelling podcast, which aired on July 17, 2025.

In today’s complex cyber landscape, understanding the intricacies of cyber insurance can be a game-changer for small and midsize businesses. Heather Mongeau, Vice President and Director of Cyber Product Solutions at Allied World Insurance Company, offers a rare insider’s perspective on the vital role underwriting plays in cyber insurance. Beyond just financial protection, Heather sheds light on how proactive risk management, accurate applications, and strong security controls work together to keep businesses resilient in the face of inevitable cyber threats.

Understanding Cyber Underwriting: More Than Just Risk Evaluation

At its core, underwriting might sound like insurance jargon, but Heather breaks it down simply: “I evaluate a risk and decide whether we’re going to extend coverage or not.” She explains that risk is essentially an unforeseen event that could disrupt or halt a business’s objectives. Insurance bridges the gap between such a catastrophic event and the continuation of business operations.

“Underwriting is bridging that gap… It takes what could be a catastrophic loss and provides the finances to get through it and make them whole so they can continue operating like they were before that incident happened.”

This perspective is especially important for business owners who may fear that a cyber-attack could be the end of their company. Heather emphasizes that cyber incidents are not a matter of if, but when, underscoring the need for preparation and insurance as a safety net.

The Critical Role of Accurate Cyber Insurance Applications

One of the biggest hurdles Heather sees in the underwriting process is the application itself. While applications across carriers ask similar questions, the way prospective insureds answer them can have significant consequences. She warns against oversimplifying answers, especially when checkboxes are limited to “yes,” “no,” or “not applicable.”

“Cyber is not black and white. There are different controls an insured might have… if the answer is not 100% yes, then they might put no. And that’s not an accurate answer.”

This nuance is crucial because underwriters rely on these applications to determine if the business has acceptable security controls in place. Heather advises working with knowledgeable brokers who can guide insureds through the application process and help clarify these often-confusing questions.

Heather also shares an interesting example from her own experience about the confusion between “records” and “individuals” in applications, illustrating how even seasoned professionals can struggle with the evolving terminology in cyber insurance.

Why Strong Security Controls Matter: MFA, Penetration Testing, and More

Security controls aren’t just buzzwords; they are prerequisites for getting cyber insurance coverage. Heather highlights multifactor authentication (MFA) as a fundamental control that many carriers insist on before extending coverage.

Penetration testing and vulnerability assessments also play a significant role in underwriting decisions. Heather explains the difference:

  • Vulnerability Assessments: Scans of networks or applications to identify known security weaknesses.
  • Penetration Testing: Simulated cyber attacks that test the actual defenses and identify where breaches could occur.

These tests provide a proactive approach to cybersecurity, helping businesses identify and fix vulnerabilities before a real attack happens.

“Underwriters like to see that the insured is doing as much as they can, then the insurance comes on top… If the answer is never, then I’m going to sit back in my chair and take a pause on that.”

Heather also stresses the importance of regularly testing business continuity plans to ensure a swift recovery after an incident.

Cyber Insurance: More Than Financial Protection

Many business owners think of cyber insurance solely as a financial safety net after an attack, but Heather emphasizes that it offers much more.

  • Pre-Breach Risk Management: Many insurers provide services such as risk assessments, training, and cybersecurity tools to help businesses strengthen their defenses before an incident.
  • Incident Response Support: Policies often include access to breach coaches and forensic experts who help manage and mitigate attacks in real time.

“Most cyber policies will have an incident evaluation hotline right on that declaration page… You want to get the experts in and get them in early.”

This immediate access to experts can dramatically reduce downtime and damage, helping businesses recover faster and avoid prolonged disruptions.

Practical Advice: Don’t Go It Alone

Heather’s advice to business owners is clear: cyber risk management is complex and interconnected, so don’t try to face it alone.

“Find a broker that you’re comfortable working with, that’s knowledgeable in cyber, has access to several different markets, understands your needs and goals, and can find a carrier that fits.”

She highlights that carriers often partner with vendors to offer pre-breach services—some at no additional cost—to help businesses improve their security posture. Leveraging these resources can make a significant difference in both obtaining coverage and reducing risk.

Final Thoughts: Preparing for the Inevitable

Cyber threats are a reality for all businesses, regardless of size or industry. Heather’s insights make it clear that cyber insurance is not just about surviving an attack financially but about building resilience through proactive risk management, accurate applications, and strong security controls.

As Heather puts it, “You don’t want to be one of the insurers that’s down for three weeks. What is your business going to look like if you can’t work, can’t function, can’t get your products out, can’t get your services done?” Preparing today with the right insurance, expert partners, and security measures can make all the difference tomorrow.

Remember, cyber insurance is evolving, and partnering with knowledgeable brokers and carriers is key to navigating this dynamic landscape effectively. Don’t face cyber threats alone—use every tool and resource available to protect your business.

For more information about the SafeHouse Initiative and how you can protect your organization, visit safehouseinitiative.org.