Note on this page. CGU does not publish its cyber proposal form publicly; distribution is broker-only and questions vary by broker and by the underlying underwriting agency. The rows below are the questions every Australian SMB cyber underwriter in this segment asks, not verbatim CGU form fields. If you would like a guide tied to a specific public proposal, see the Chubb Cyber ERM or Emergence guides.

Questionnaire mapping

The questions every SMB cyber underwriter asks.

Category-level mapping rather than verbatim form fields, because the CGU and Cylo proposal flow is broker-facing and not published as a downloadable PDF.

| Question the underwriter asks | Where AttackEdge helps | Where it doesn’t | Coverage |
|---|---|---|---|
| External vulnerability scanning frequency and recency | Monthly external scans on Solo and SMB, with a dated PDF every cycle. The most recent scan date is on the PDF header. | Internal vulnerability scanning needs an agent or appliance and is out of scope. | Partial |
| Internet-exposed services and unnecessary open ports | Every cycle enumerates exposed ports and services on your in-scope IPs, with severity and remediation guidance. | | Helps |
| Email authentication posture — SPF, DKIM, DMARC, MTA-STS | Checked every cycle on your registered domains, with re-checks on demand after DNS changes. | | Helps |
| TLS certificates current, no weak ciphers, security headers in place | Certificate validity, cipher strength, HSTS and CSP presence reported each cycle on every in-scope host. | | Helps |
| Subdomain hygiene and dangling DNS records | Passive subdomain discovery surfaces hosts under your registrable domain, flagged for review before they are added to active scanning. Stale or dangling records appear here. | | Helps |
| End-of-life software on internet-facing systems | Banner and version detection flags EOL web servers, language runtimes, CMS plugins, and TLS stacks. The PDF lists what was detected. | EOL software inside your network is invisible from outside; that has to come from your IT or MSP. | Helps |
| Multi-factor authentication on staff, admin, and remote-access accounts | | MFA is configured inside Microsoft 365 / Google Workspace / Okta / your VPN. AttackEdge can flag exposed login pages but cannot read your MFA policy. | Out of scope |
| Endpoint protection (antivirus, EDR, MDR coverage) | | Endpoint protection is internal tooling. The underwriter wants a product name here, not an external scan result. | Out of scope |
| Backup posture — frequency, location, immutability, restore testing | | Backups live inside your environment. Out of scope for an external scanner. | Out of scope |
| Incident response plan exists and is tested | | The plan is a document and the test is an exercise; neither is a scan result. AttackEdge does give you the dated detection stream the plan can reference. | Out of scope |
| Employee security awareness training and phishing simulation | | Training-record questions are out of scope. We surface email-authentication posture, which is the other side of the same problem. | Out of scope |
| PII / PHI / payment-card record volume held electronically | | A data-volume question. AttackEdge does not count records inside your applications or databases. | Out of scope |
| Wire-transfer authorisation controls and callback procedures | | Internal finance controls. Out of scope. Business-email-compromise is the threat behind this question; email authentication (which we check) is one of the technical mitigations. | Out of scope |
| Any prior cyber claims, incidents, or near-misses | For renewals, your AttackEdge finding history shows what changed since the last cycle, which is useful corroboration when answering this question. | A loss history question is something you answer from your records, not from a scan. | Partial |

What you hand the broker

Three artefacts that travel with the submission.

Dated PDF report

A timestamped PDF for each scan cycle. Attach it to the submission email your broker sends to CGU or the SMB cyber underwriter behind them; the date answers the "is this current" question before it is asked.

Public methodology link

A live page describing exactly what AttackEdge checks. The underwriter can read it without an NDA, which speeds up broker follow-up.

Asset inventory and discovery log

Your current in-scope assets, plus subdomains and hosts surfaced by passive discovery. This is the answer to the "what is in scope" question on most SMB cyber proposals.

AttackEdge does not answer the parts of a CGU or Cylo proposal that live inside your environment: MFA configuration, privileged access controls, endpoint protection coverage, backup posture, incident response plans, written privacy and security policies, wire-transfer authorisation controls, and employee security awareness training. Those answers come from your IT team, your MSP, or a separate tool. The dated PDF only speaks to what is on the public internet.

CGU Insurance is a general insurance brand owned by IAG (Insurance Australia Group, ASX: IAG). IAG launched Cylo as a specialist SMB cyber underwriting agency in 2024, targeting businesses with revenue up to A$10m, backed by CGU paper. Distribution is broker-led, and the cyber-risk monitoring partnership IAG uses (UpGuard) sits on the underwriter’s side of the table rather than yours.

AttackEdge slots in early on your side: subscribe before the broker collects the renewal information, run a cycle, and you have a dated PDF ready to attach. If your broker moves the renewal to a different SMB cyber underwriter at quote stage, the same PDF carries over — the underlying technical-scanning questions do not change.

Common questions

CGU-specific FAQ.

  • Does CGU publish a cyber insurance proposal form publicly?

    Not as a downloadable PDF, no. CGU distributes through brokers and through IAG's SMB cyber underwriting agency (Cylo, backed by CGU, targeting businesses up to A$10m revenue). The proposal flow is broker-facing and the questions vary by broker. The rows above are the SMB cyber category questions every underwriter in this segment asks, not verbatim CGU form fields.

  • Will AttackEdge evidence be recognised by CGU?

    CGU has not published an approved-tool list and we do not claim to be on one. The dated PDF travels with the submission as evidence on its own merits. Brokers familiar with cyber-insurance evidence report that recurring external scanning answers the same underwriter questions whether the underwriter is CGU, Chubb, Emergence, or a Steadfast network partner.

  • My broker is quoting CGU through IAG's Cylo agency. Does this still apply?

    Yes. Cylo is IAG's specialist SMB cyber agency backed by CGU and targets businesses with revenue up to A$10m. The technical-scanning questions in the Cylo proposal flow are in the same category as the rows above. AttackEdge covers the external-surface ones.

  • CGU partners with UpGuard for cyber risk monitoring. Does that replace what AttackEdge does?

    No, the two tools sit on different sides of the table. UpGuard is the underwriter's scoring tool, used at quote stage to validate the form. AttackEdge is your evidence tool, used by you to answer the form. If UpGuard flags a finding (a missing security header, a weak TLS cipher, an EOL service), AttackEdge has almost certainly shown it to you already with a remediation step.

  • What if my broker uses a different underwriter at renewal?

    That is normal in this market — brokers shop the renewal. The same AttackEdge evidence works for any of the major SMB cyber underwriters in Australia because the technical-scanning questions are an industry-wide baseline. The dated PDF does not need to be redone if the underwriter changes.

Renewal-ready evidence

Run the first scan before the form arrives.

Solo subscriptions start at A$39/month. The first PDF lands inside an hour of the first scan, dated and ready to attach.