Cybantage Requirements Review

What was reviewed and what matters

Estimated incident exposure ranges are shown per scenario (Low / Moderate / High) rather than as a single aggregated total. Policy requirements, key conditions, and exposure considerations are surfaced for leadership review.

Industry, revenue, and operational context

Captures the industry profile, annual revenue, employee range, record count, and system dependency provided at intake. These inputs drive scenario exposure modeling and industry-informed assumptions.

What was uploaded and what each document contributed

Lists each uploaded file, the document types detected within it (policy wording, declarations, endorsements, sublimit schedule, application, etc.), and any review notes. Drives the Confidence score.

Policy requirements identified in the uploaded documents

Each requirement is listed with category, severity, confidence, source clause/page, operational implication, and evidence expectation. These requirements feed the Readiness questionnaire and assessment.

Consent, notice, vendor panel, and proof-of-loss provisions

Highlights the operational conditions detected in the policy — prior written consent, panel vendor requirements, notice timing, proof-of-loss expectations, settlement consent, and ransom payment restrictions.

Directional Low / Moderate / High estimates per scenario

Industry-informed exposure ranges for business interruption, dependent vendor outage, ransomware, funds transfer, data breach, and regulatory investigation. Estimates are per-scenario and are not additive.

Coverage area vs. directional exposure

Status across coverage areas

What was not provided and how it limits the review

Identifies the document categories not uploaded (e.g. endorsements, sublimit schedule, application) and explains how each gap reduces analytical confidence.

What the policy appears to expect at claim time

Summarizes evidence the policy may expect — control evidence, BI records, decision logs, vendor approvals — so finance, legal, and IT can confirm readiness in advance.

Questions to bring to your broker or carrier

Targeted clarifying questions generated from the requirements and conditions found in the uploaded documents.

Questions to bring to outside counsel

Legal-oriented questions surfaced by the review — application representations, settlement authority, regulatory exposure, and similar items for counsel.

Policy-aware response timeline

• 0–4 hours · Confirm incident lead, involve legal, locate policy and broker contacts
• 4–12 hours · Assess notice obligations, start decision log, classify likely cost categories
• 12–24 hours · Identify affected systems, assess BI evidence and ransomware conditions
• 24–48 hours · Coordinate broker / carrier updates, track expenses, preserve BI records
• 48–72 hours · Confirm continuing consent, maintain decision log, update evidence folder

Recommended actions for leadership

Prioritized follow-ups based on the requirements, gaps, and conditions surfaced — items to confirm with broker, counsel, finance, and IT before the next renewal cycle.

Weighted self-assessment against policy requirements

After AI extraction, the user answers a weighted questionnaire built from the identified requirements. Each requirement is scored by severity and confidence to produce an overall readiness rating and per-requirement ratings.

What this review is and what it is not

A plain-language statement of the review's scope, assumptions, and limits — included in every report alongside the mandatory disclaimer below.