Cyber Insurance: What Underwriters Check on Your Domain | DomainScores

Irish cyber insurers check DMARC, TLS, and DNS security on every application. Only 3.87% of domains pass the full baseline. Gaps mean higher premiums or declined claims.

When you apply for cyber insurance in Ireland, underwriters check your domain. Automated scanning tools look at DMARC enforcement, TLS configuration, certificate health, and DNS security controls. Only 3.87% of domains pass the full technical baseline.

What underwriters are looking for

Business Email Compromise (BEC) is the single largest category of cyber insurance claims globally. Underwriters know that domains with DMARC enforcement at p=reject or p=quarantine are dramatically less likely to be used in BEC fraud — either as the sender or the target.

The checks insurers commonly run or ask about:

  • DMARC at enforcement level (not p=none) — the primary BEC risk signal
  • SPF published and correctly configured
  • DKIM active on your email provider
  • TLS 1.2+ minimum on your web server
  • Valid certificate with no browser warnings
  • DNSSEC (not universal yet, but appearing on more questionnaires)

What happens if you have gaps at claim time

The risk is not just a higher premium. If you declare that your email security controls are in place on your insurance application — or if you don't disclose gaps — and then suffer a BEC incident that DMARC enforcement would have blocked or detected, an insurer may dispute the claim on the basis that the stated controls weren't actually present.

This is not a corner case. It has happened to Irish businesses.

How to prepare before your renewal

Run the free DomainScores check before your renewal date. The report shows your current grade across 34 checks and identifies every gap that underwriters will find. Fix before renewal, not after.


Renewal coming up? Domain Fix from €1,197 — we close every gap and provide a before-and-after security report you can give your broker. Grade B+ guaranteed, or your money back.