When you apply for cyber insurance in Ireland, underwriters check your domain. Automated scanning tools look at DMARC enforcement, TLS configuration, certificate health, and DNS security controls. Only 3.87% of domains pass the full technical baseline.
What underwriters are looking for
Business Email Compromise (BEC) is the single largest category of cyber insurance claims globally. Underwriters know that domains with DMARC enforcement at p=reject or p=quarantine are dramatically less likely to be used in BEC fraud — either as the sender or the target.
The checks insurers commonly run or ask about:
- DMARC at enforcement level (not
p=none) — the primary BEC risk signal - SPF published and correctly configured
- DKIM active on your email provider
- TLS 1.2+ minimum on your web server
- Valid certificate with no browser warnings
- DNSSEC (not universal yet, but appearing on more questionnaires)
What happens if you have gaps at claim time
The risk is not just a higher premium. If you declare that your email security controls are in place on your insurance application — or if you don't disclose gaps — and then suffer a BEC incident that DMARC enforcement would have blocked or detected, an insurer may dispute the claim on the basis that the stated controls weren't actually present.
This is not a corner case. It has happened to Irish businesses.
How to prepare before your renewal
Run the free DomainScores check before your renewal date. The report shows your current grade across 34 checks and identifies every gap that underwriters will find. Fix before renewal, not after.
Renewal coming up? Domain Fix from €1,197 — we close every gap and provide a before-and-after security report you can give your broker. Grade B+ guaranteed, or your money back.