Cyberattacks Are Rising Dramatically, But Many Companies Are Still Unprepared
In the last 5 years, the number of cyber attacks against companies in Indonesia has increased sharply.
From hacking of government websites, ransomware that paralyzes public services, to customer data leaks from various sectors — all show that digital threats are now a real risk, not just a potential one.
Unfortunately, most companies still don’t understand that cyber insurance is not just about compensation, but also about business resilience.
However, before an insurance policy is issued, the company must go through an important stage that is often overlooked, namely the underwriting and information gathering process.
This is where PT. Liberty and General Insurance Broker (L&G Insurance Broker) plays a crucial role—helping clients prepare the correct data and documents so that the policy issuance process runs smoothly, quickly, and provides optimal protection.
Why the Cyber Insurance Underwriting Process is So Important
Unlike conventional insurance such as fire or vehicle insurance, the risks in cyber insurance are very dynamic and complex.
Insurance companies not only value physical assets, but also:
- Digital infrastructure,
- Data security process,
- Legal compliance,
- And preparedness to face incidents.
This process is called underwriting assessment — the risk assessment stage to determine whether a company qualifies for insurance, as well as what the appropriate premium and coverage limits are.
Without accurate information, companies could:
- Charged too high premiums,
- Get a policy with limited coverage,
- Or even rejected by the insurer because it is considered too risky.
The Strategic Role of Brokers in the Underwriting Stage
Brokers like L&G Insurance Broker act as professional bridges between clients and insurance companies.
At the underwriting level, L&G helps:
- Identifying clients’ digital risk needs and exposures.
- Prepare information and supporting documents systematically.
- Explain to the underwriter the nature of the client’s business and the risk mitigation measures that have been implemented.
- Negotiate the best terms and premiums based on risk profile.
- Ensure data confidentiality during the assessment process.
With broker assistance, the company not only looks “ready,” but also gains more trust from insurers due to its complete and professional documentation.
Types of Information Required by Underwriters
Each insurance company has a slightly different format, but in general, there are five major groups of information that must be prepared before a cyber policy is issued.
- General Company Information
This basic information is used to understand the business context and scale of the company’s operations.
| Requested Data | Information |
| Name, address and field of business | Including main office and branch locations. |
| Number of employees | Total and number of IT system users. |
| Country or region of operation | Is the business only in Indonesia or international. |
| Annual turnover and net profit | To determine financial exposure. |
| Use of customer data | Whether managing personal data (B2C) or internal data (B2B). |
📌L&G Note: Companies that manage large amounts of personal data such as e-commerce, fintech, hospitals, or universities require higher coverage limits.
- IT Infrastructure and Security Systems
This section is the core of the cyber risk assessment.
Underwriters want to know how strong a company’s digital defenses are.
| Aspect | Sample Questions |
|
Is the system protected with multi-factor authentication (MFA)? |
|
The type of software used, as well as the last update. |
|
Is data backed up regularly and tested for recovery? |
|
Is sensitive data encrypted during transmission and storage? |
|
Do vendors have the same security standards? |
|
When was the last time an audit or penetration test was performed? |
📌L&G Note: If your company does not yet have a formal security policy, L&G can assist in drafting a summary IT Risk Statement to ensure compliance with underwriting requirements.
- History of Cyber Incidents and Preventive Actions
Underwriters will assess how the company learns from past experiences.
| Requested Data | Explanation |
| Incident history | Have there ever been data leaks, malware, or phishing? |
| Loss value | How much financial loss resulted from the incident. |
| Corrective steps | What actions have been taken post-incident. |
📌L&G Note: If there was a previous incident, L&G assisted the client in preparing a remediation report to demonstrate security improvements.
- Compliance and Regulation
Regulatory compliance has become an important indicator for underwriters, especially since the enactment of Law No. 27 of 2022 concerning Personal Data Protection (PDP Law).
Aspect Question
| Privacy Policy | Does the company have a personal data protection policy (Privacy Policy)? |
| Appointment of Data Protection Officer (DPO) | Who is responsible for data security in the company? |
| ISO/IEC 27001 Compliance | Does the security system follow international standards? |
| Report to regulator | Are companies required to report data breaches? |
📌L&G Note: Good compliance can lower premiums as it is considered an effective risk mitigation.
- Insurance Requirements (Insurance Specification)
The latest information relates to financial needs and desired policy limits.
| Component | Explanation |
| Coverage Limit (Sum Insured) | The maximum total claims expected to be covered. |
| Deductible / Retention | The risk value that will be borne by the company itself. |
| Coverage Type | Is it just first-party cover or does it include third-party liability? |
| Coverage Countries | Desired jurisdiction area (e.g. Asia, global, etc.). |
| Optional Extensions | Additional guarantees such as Social Engineering, Business Interruption, etc. |
📌L&G Note: L&G will help adjust limits to realistic risks to keep premiums efficient.
Supporting Documents That Must Be Prepared
In addition to the above data, several formal documents are often requested by insurance companies, especially for medium and large corporate clients.
| Document Type | Information |
| 📘Company Profile | Summary of the company’s business and main activities. |
| 🖥️IT Network Structure (Network Diagram) | To understand system infrastructure and critical points. |
| 🧩Information Security Policy | Official internal policy document regarding data security. |
| 📄 Laporan Audit IT / Penetration Test Report | Evidence that the system is tested regularly. |
| 🧾Latest Financial Report | Demonstrates the company’s financial capabilities. |
| 🧠 Business Continuity Plan (BCP) | Strategies for dealing with operational disruptions and recovery. |
📌L&G Note: If some documents are not available, the broker can help prepare a condensed version or executive summary to avoid delaying the underwriting process.
Cyber Insurance Application Process with L&G Insurance Broker Assistance
The following are the general steps implemented by PT. Liberty and General Insurance Broker:
| Level | Description |
| 1. Kick-off Meeting | Initial discussions with clients to understand business models and digital risks. |
| 2. Risk Profiling & Data Collection | L&G assists in completing the insurer’s Cyber Risk Questionnaire. |
| 3. Gap Analysis | Identifying areas of weakness in IT security. |
| 4. Market Placement | L&G submitted proposals to several insurers (market comparison). |
| 5. Negotiation & Binding | Negotiate the best limits, deductibles, premiums, and policy wording. |
| 6. Policy Delivery | The policy is issued and delivered to the client, complete with claims guidelines. |
With a professional approach and neat documentation, L&G ensures clients get the best deals from the insurance market, both local and international.
Challenges Companies Often Face
Based on L&G’s experience, there are several common mistakes that often cause cyber policy applications to be delayed or rejected:
❌Incomplete or inconsistent data between answers in the questionnaire and IT reports.
❌Lack of evidence of security systems such as firewalls, MFA, or activity logs.
❌There is no documented disaster recovery plan.
❌Underestimation of the risk value, for example, only requesting a small limit even though there are millions of customer data.
❌Not using a broker, so communication with the insurer is inefficient.
📌Solution: With L&G assistance, all of the above can be anticipated through a pre-assessment meeting before the documents are submitted to the insurer.
Case Study: Successful Application Due to Complete Documentation
🏢Case 1 – National Fintech Company
L&G helps fintech companies prepare complete underwriting documents, including penetration test reports.And incident response plan.
As a result, premiums can be reduced by 20% compared to other insurers’ initial offers.
🏭Case 2 – Multinational Automotive Manufacturer
Initially, it was rejected because the system didn’t have MFA. After L&G helped develop a policy improvement plan, the insurer approved the policy with a three-month implementation timeline.
🏥Case 3 – Private Hospital
Because it stored patient data, the underwriter requested data encryption proof. L&G helped the client create database encryption documentation. The policy was ultimately approved with a limit of IDR 50 billion.
Tips from L&G Insurance Broker: Prepare Now
✅Conduct an IT security audit at least once a year.
✅Establish documented data security policies.
✅Use multi-factor authentication across critical systems.
✅Backup data regularly and test recovery.
✅Involve the broker from the start so that documents are prepared according to the insurer’s needs.
Conclusion: Good Documentation = More Efficient Premiums
The better your digital security documentation and preparedness, the lower your risk in the eyes of underwriters — and the more competitive your premiums will automatically be.
Cyber Insurance is not just a financial product, but part of a company’s digital risk management strategy.
With the assistance of PT. Liberty and General Insurance Broker (L&G Insurance Broker), every company can navigate the underwriting process easily, quickly, and professionally—without wasting time due to technical or administrative errors.
Want to know what documents you need to prepare to get your Cyber Insurance application approved quickly and efficiently?
Consult directly with PT. Liberty and General Insurance Broker (L&G Insurance Broker) — a trusted independent broker for your business’s digital risk protection.
HOTLINE L&G 24 JAM: 0811-8507-773 (PHONE – WHATSAPP – SMS)
Website: lngrisk.co.id
Email: halo@lngrisk.co.id
