Your underwriter wants a pentest report. We deliver one they'll actually accept: OSCP-certified testing, signed attestation letter, and a report built for insurance review. Five business days, start to finish.
Underwriters aren't asking for pentests because they think it's fun. They need to know you're not a liability waiting to happen.
Before an insurer puts their money on the line, they want evidence that you've looked at your own security. A pentest is one of the clearest ways to show you've done that work.
Plenty of insurers knock 5-15% off your premium when you show up with pentest results. The testing often pays for itself in the first year just through that discount.
Some coverage tiers won't approve without a signed attestation letter from a certified tester. Not a vulnerability scan report. An actual pentest with a human behind it.
Renewal dates don't move. We turn around reports in 5 business days so you're not scrambling to get documentation to your broker at the last minute.
We've seen enough underwriter checklists to know what they're scanning for. Our reports are built to check those boxes.
The first thing an underwriter does is look at how many criticals and highs you have. We score every finding with CVSS 3.1 and explain the actual business impact, not just a scanner output number.
Insurers want to confirm the test actually covered the right stuff. Our reports spell out what was tested, how it was tested, and when. No ambiguity.
Underwriters like seeing that you know what to fix and how. Each finding comes with specific remediation steps and a rough effort estimate so you can show a plan, not just a list of problems.
Insurers check who did the testing. All testing is performed by Miguel Velazco, OSCP and CRTO certified. Your report includes a signed attestation letter confirming the work was completed.
Everything your broker needs to hand off to the underwriter.
The main document. Executive summary, technical findings, CVSS scores, business impact, and a remediation roadmap. Typically 100+ pages depending on scope.
Signed letter confirming what was tested, how, and by whom. This is the document most underwriters specifically ask for.
A one-pager formatted for underwriters. Hits the key metrics they care about without burying them in technical detail.
A call with Miguel after delivery to walk through findings, answer questions, and talk through what to fix first.
After you've fixed things, we can verify the fixes and document the improvement for your insurer.
Assessment to report delivery in 5 business days. You won't miss your renewal deadline.
Straightforward. No surprises.
We talk through your insurance requirements, figure out what systems need testing, and agree on scope. If your broker sent you specific requirements, bring those to the call.
Hands-on penetration testing against your infrastructure and applications. Everything gets documented as we go.
Findings are scored, validated, and prioritized by actual business impact. No inflated severity counts.
The full report, attestation letter, and insurer summary get written up and quality-checked.
You get everything within 5 days, plus a debrief call to go over what we found and what to prioritize.
Scoped to your environment. No fixed tiers. The testing cost usually pays for itself in premium savings.
Custom-scoped to your policy requirements
Typical ROI: Most clients see a 5-15% premium discount that offsets the testing cost within the first policy year.
Most companies recover the testing cost through premium reductions in year one.
The premium discount is just part of it. Having a pentest on file also gives you a stronger position when negotiating coverage terms, higher limits, and better exclusions. Insurers treat tested companies differently than untested ones.
What people usually ask before booking.
Most standard policies don't explicitly require it, but a lot of underwriters offer 5-15% premium discounts if you have one. Higher coverage limits often do require it. Talk to your broker. They'll tell you if it's mandatory or just strongly recommended.
Start with whatever touches sensitive data or keeps the business running. We'll help you narrow it down during the scoping call based on your industry and your insurer's requirements. Most insurance pentests cover external network, internal network, and web apps.
We test carefully. Most of what we do is non-destructive, and we coordinate timing with your team. You'll see the full scope before we start so there are no surprises.
Most underwriters want something from the last 12 months. Your environment changes, so older reports don't carry much weight. Annual testing is the safest bet for keeping your policy in good shape.
Good. That's the point. We document everything and tell you exactly how to fix it. You can do a follow-up retest after remediation to show your underwriter the problems are gone. Insurers actually like seeing that cycle.
Yes. It's yours. Share it with your broker, your underwriter, whoever needs it. We format it so it's ready for insurance submissions and renewals.
Attestation letter, insurer-ready report, 5-day turnaround. Scoped to what your policy actually requires.
Testing done by Miguel, OSCP and CRTO certified
Won't miss your renewal deadline
Local firm, 24-hour response time