Cyber-Insurance Readiness · Documentation · Monitoring
Prove your controls. Stay renewal-ready.
Insurers and clients are asking small firms for more documentation, MFA, and proof of controls every year. We get you ready and keep you ready — assess your controls, turn them into clean evidence, and watch for credential and domain exposure. Advisory only: we document and monitor, you keep control.
Readiness, documentation & proof — not fear. An assessment is not a guarantee of security.
Why this matters now
Cyber-insurance renewal has quietly become a technical review. The asks are consistent and documented:
- 48% of insured organizations had to strengthen security to meet their insurer's requirements (Netwrix 2024 Hybrid Security Trends)
- 30% made changes just to be eligible for a policy — up from 22% the year before (Netwrix 2024 Hybrid Security Trends)
- 75% of insurers now require multi-factor authentication — up from 63% (Netwrix 2024 Hybrid Security Trends)
- 54% of lawyers use MFA; only 34% have a written incident-response plan (ABA 2023 Cybersecurity TechReport)
Assess. Document. Monitor. Prove.
Assess
We review your current controls against what carriers and clients actually ask for — MFA, email authentication, backups, access management, and an incident-response plan — and tell you, plainly, where you stand.
Document
We turn what you have into clean, human-confirmed evidence artifacts: an MFA record, a backup-process attestation, policy templates, and a renewal-ready packet you can hand to a carrier or a client.
Monitor
We watch for credential exposure in known breach data and for lookalike domains that impersonate you, and surface what we find so you can act. Light, clearly scoped monitoring — not a detection guarantee.
Prove
Each artifact is captured in a dated, version-controlled evidence record, so when renewal or a client questionnaire arrives, the proof is already assembled — and it's yours to attest to.
Productized tiers
Priced by what's measurable — domains, scope, reviews, and evidence packets — not by how much advice you ask for.
Cyber Readiness Lite
For solo and small firms that need proof of basic controls without hiring a vCISO.
Setup $1,000–$2,500
- Annual cyber-insurance readiness review
- MFA documentation — human-confirmed evidence artifact
- Email/domain review (SPF/DKIM/DMARC snapshot)
- Credential exposure monitoring — 1 domain
- Monthly lookalike-domain report
- Policy templates: IR plan, password/MFA, wire-verification
- Quarterly renewal-ready evidence packet
Cyber Insurance Ready
Stay renewal-ready and prove your controls — without vCISO retainer pricing.
Setup $2,500–$7,500
- Everything in Lite, plus:
- Up to 3 domains / defined user scope
- Two formal control reviews per year
- Carrier-questionnaire mapping to your evidence
- Wire-verification workflow + monthly artifact
- Monthly credential/domain exposure report
- Lightweight annual tabletop checklist
- Evidence vault, dashboard & renewal timeline
Professional Risk Program
Structured cyber-risk documentation and exposure monitoring for larger professional firms.
Setup $7,500–$15,000
- Everything in Insurance Ready, plus:
- Expanded monitoring: multiple domains + executives
- Quarterly formal control-review packet
- Invoice/wire-change verification workflow
- Cyber-insurance renewal calendar & readiness tracking
- Coordination with your existing IT/MSP for evidence
- One quarterly review meeting
- Business-hours advisory queue (not an emergency hotline)
Larger firms (40–100 employees) can be served on a custom productized program. Above that, or where a full managed-security or vCISO engagement is the right fit, we'll refer you to a partner rather than stretch this service past what it's built to do.
Where this sits
Between your insurer's free scan and a full vCISO engagement there's a gap — small firms that need real, attestable evidence without security-leadership pricing. That's the slice we built for.
| | Insurer's free scan | Butler Cyber Readiness | Full vCISO / MSP |
|---|---|---|---|
| Typical monthly cost | Free with many policies | $500 – $3,000 | ~$3,000 – $12,000 |
| What it is | Automated external scan | Readiness, documentation & monitoring | Security leadership / managed controls |
| Renewal-ready evidence packet | — | Human-confirmed, yours to attest | Varies by engagement |
| Who operates your controls | You / your IT | You / your IT — we stay advisory | Often the provider |
| Best for | A quick exposure check | Small firms proving their controls | Firms needing full security operations |
vCISO retainer range reflects typical published SMB/mid-market corridors; insurer scans vary by carrier. If your firm needs full security operations, we'll say so and point you to the right kind of partner.
What this service is — and isn't
This is a productized cyber-readiness, evidence, documentation, and exposure-monitoring service. It is deliberately advisory only. To keep the engagement clearly scoped, it does not include:
Questions
Is this a guarantee that we won't be breached?
No — and any service that tells you otherwise is overselling. This is a readiness, documentation, and monitoring service. We help you assess your controls, prove them with evidence, and watch for known exposure. An assessment is not a guarantee of security, and monitoring surfaces exposure for you to act on rather than promising to catch everything.
Do you operate our security or run incident response?
No. We stay in the advisory lane on purpose: we assess, document, and monitor. We do not operate your firewalls, manage endpoints, run a SOC, or perform incident response. That boundary is deliberate — it keeps the engagement clearly scoped and keeps you in control of your own environment. When you already have an IT provider or MSP, we coordinate with them for evidence; we don't replace or direct them.
Who signs the insurance application?
You do. We produce the evidence and documentation that supports an accurate answer to your carrier's questions, but the attestation is always yours to review, verify, and sign. Misrepresenting controls on a cyber-insurance application can void a policy — so our job is to make your own attestation accurate and well-evidenced, never to make it for you.
Why is this so much less than a vCISO retainer?
Because it's a productized service, not an open-ended advisory relationship. Pricing is tied to measurable things — domains monitored, users in scope, reviews per year, evidence packets — not to how many questions you ask. A full vCISO engagement runs several thousand dollars a month and includes far more; this is the focused, renewal-readiness slice of that, built to be affordable for a small firm.
What do you actually monitor?
Two things, clearly scoped: credential exposure (whether your email addresses or passwords show up in known breach datasets) and lookalike domains (whether someone has registered a domain that impersonates yours — a common setup for wire fraud). We surface what we find so you can act. We do not monitor your internal network or endpoints.
Do you work with firms outside of law?
Yes. The service fits any small professional firm that carries cyber insurance or gets asked for security documentation — law, private investigation, bail, accounting, title, and similar professional offices. The readiness checklist and evidence workflow are the same; the carrier questions are similar across these verticals.
Get renewal-ready before the questionnaire lands
Book a short fit call. We'll walk through what your carrier and clients are likely to ask, show you where you stand today, and tell you honestly whether this service is the right fit.
