Questionnaire mapping

Question by question, where AttackEdge helps.

Drawn from the public Emergence Cyber Event Protection proposal form and the long-form addendum used above A$25m revenue. Numbering matches the fillable PDF.

| Question the insurer asks | Where AttackEdge helps | Where it doesn’t | Coverage |
| --- | --- | --- | --- |
| Q4 — Do you have a Data Protection / Privacy policy? | — | The policy itself is a document you write. AttackEdge gives you the technical evidence stream the policy can reference. | Out of scope |
| Q5 — Do you have firewalls protecting your own and customer/client data? | External scans confirm what is reachable from the public internet, which is what an underwriter is really asking. If your firewall is doing its job, the list of exposed services is short. | The firewall configuration itself is internal. We see only what it allows out. | Partial |
| Q6 — Do you protect Personally Identifiable Information through encryption (at rest, in transit, in backup)? | TLS posture on customer-facing endpoints is checked every cycle, with cipher strength and certificate validity in the PDF. That answers the "in transit" part for anything exposed to the internet. | Encryption at rest and on backups is internal. AttackEdge does not read database settings. | Partial |
| Q8 — Do you use up-to-date antivirus / spyware / malware software? | — | Endpoint protection is internal. AttackEdge is an external scanner; ask your IT or MSP for this evidence. | Out of scope |
| Q9 — Are all mission/business-critical systems and data backed up and stored at another location? | — | Backup location, frequency, and immutability are out of scope. We do flag exposed backup endpoints as findings if they accidentally end up on the internet. | Out of scope |
| Q10 — Has an independent party completed an audit of your system/data security? | Each monthly AttackEdge scan is an independent third-party check of your external surface. The dated PDF stands as an audit artefact for the external component. | A full security audit also covers internal controls, policies, and people; the external scan is one input, not the whole audit. | Partial |
| Q11 — Do you have written data safety policies and do employees receive annual security awareness training? | — | Policy documents and training records are out of scope. Phishing-simulation services live in a different tooling category. | Out of scope |
| Long form Q3 — Disaster Recovery / Business Continuity Plan, tested in last 18 months | — | The plan and test records live inside your environment. AttackEdge does not see DR or BCP artefacts. | Out of scope |
| Long form Q6 — Does your website use Web Apps? | Web technology fingerprinting flags the public CMS, frameworks, and libraries on your site, including outdated or vulnerable ones. The PDF lists what was detected with versions. | — | Helps |
| Long form Q7 — Do you use monitored Intrusion Detection or Intrusion Prevention Systems (IDS/IPS)? | — | IDS/IPS sits inside your network. AttackEdge is an external scanner; this is a question for your MSP. | Out of scope |
| Long form Q8 — Any evidence of network intrusion or vulnerabilities in an IT security audit or penetration test not yet resolved? | Open critical and high findings from the latest AttackEdge cycle are listed in the PDF, with their first-seen and most-recent-seen dates. You can answer this question with a current number rather than a vague "no". | Past pen-test findings or internal-audit findings still need to come from those documents. | Partial |
| Long form Q9 — Have you had unforeseen downtime to your website or IT network of more than 12 hours? | Outages on monitored web hosts are captured in the dated finding history, so you can substantiate the answer with timestamps. | Downtime of internal systems with no public surface is invisible to an external scanner. | Partial |
| Email authentication posture (implicit, asked at quote stage) | SPF, DKIM, DMARC and MTA-STS are checked every cycle and re-checkable on demand. Underwriters often ask about email auth even when the form does not, because business-email-compromise drives a large share of claims. | — | Helps |
| TLS certificates, weak ciphers, and missing security headers on customer-facing sites | Certificate validity, cipher strength, HSTS, and CSP presence are reported each cycle on every in-scope host. | — | Helps |

What you hand the broker

Three artefacts that travel with the submission.

Dated PDF report

A timestamped PDF for each scan cycle. Attach it when you return the Emergence Cyber Event Protection proposal form to your broker; the date shows the answer is current.

Public methodology link

A live page describing exactly what AttackEdge checks. Emergence underwriters can read it without an NDA, which makes broker follow-up questions faster.

Asset inventory and discovery log

The current in-scope assets, plus subdomains and hosts surfaced by passive discovery. This is the answer to the "what is in scope" question on the form.

AttackEdge does not cover the parts of the Emergence form that live inside your environment: antivirus and EDR, backup posture, written data-safety policies, employee security awareness training, the Disaster Recovery and Business Continuity plan, and the wire-transfer controls under Optional Cover – Cyber Theft. Those answers come from your IT team, your MSP, or a separate tool. The dated PDF only speaks to what is on the public internet.

Emergence Insurance Pty Ltd (ABN 46 133 037 153, AFSL 329634) is a specialist cyber underwriting agency, majority-owned by Steadfast. They write a meaningful share of Australian SMB cyber and the Cyber Event Protection wording is one of the most-quoted SMB cyber policies in the market. Renewals are typically triggered 60 to 90 days before policy expiry, and the broker collects the proposal form back from you in that window.

AttackEdge slots in early: subscribe before the form lands, run a cycle, and you have a dated PDF ready when the broker asks for evidence. The subscription means next year’s answer is the same answer, only newer.

Common questions

Emergence-specific FAQ.

  • Which Emergence proposal form should my broker be using?

    Emergence offers two forms. The standard Cyber Event Protection proposal (CEP-004) covers most SMBs. Businesses with revenue above A$25m, a policy limit above A$19m, a prior cyber loss, or those in IT services complete the long-form proposal on top. AttackEdge answers the same external-surface questions in both.

  • Does Emergence run a security check on me before quoting?

    Emergence and several of its underwriting partners use external scoring services (UpGuard is a common one in Australia) to validate the form at quote stage. If their score flags a TLS or DNS finding that AttackEdge already showed you with a fix-it action, you can usually have it remediated before the score is rechecked.

  • Is AttackEdge an Emergence-approved tool?

    No, and we deliberately do not claim to be on any insurer's pre-approved tool list. Those lists are rare in the Australian SMB cyber market. The evidence is what carries the answer, not the brand of the scanner.

  • I work with a Steadfast broker. Does this still apply?

    Yes. Emergence is part of the Steadfast Group of underwriting agencies and most Steadfast brokers will run a cyber renewal through Emergence as one of their options. The proposal form is the same whether you arrive via Steadfast or another channel.

  • Section A asks for an indemnity period. Does AttackEdge change what I should pick?

    No. The indemnity period (30, 60, 90, 180, 365 days) is a business-impact question — how long can the business survive a system interruption. AttackEdge produces no input to that decision. Your business-continuity work answers it.

Renewal-ready evidence

Run the first scan before the form arrives.

Solo subscriptions start at A$39/month. The first PDF lands inside an hour of the first scan, dated and ready to attach.