Cyber Insurance Now Asks About Phishing Training — Here's What They Want
Insurers are asking SMBs for proof of phishing awareness programs. We break down the questions, what documentation you need, and how to generate it.
If you've renewed a cyber insurance policy recently, you've probably noticed new questions about phishing. Insurers aren't just asking if you have antivirus anymore — they want to know if you're actively testing and training your employees.
What insurers are asking
The exact questions vary by carrier, but most cyber insurance applications now include some version of these:
- Do you conduct regular phishing awareness training?
- How often do you run phishing simulations?
- What percentage of employees have completed security awareness training?
- Can you provide documentation of your phishing program?
- Do you have a process for employees to report suspicious emails?
Answering "no" to these doesn't automatically disqualify you, but it can increase your premiums by 10-30% or lead the carrier to add exclusions (commonly for social-engineering or funds-transfer losses) that leave you uncovered for exactly the incident you bought the policy for. Answer accurately either way: a material misstatement on the application can give the carrier grounds to deny a claim or rescind the policy.
What documentation they accept
Insurers don't need elaborate security frameworks. They want evidence that you're doing something consistent. Specifically:
- Campaign frequency. Proof that you run simulations regularly (monthly or quarterly).
- Participation rates. Evidence that most employees are included in testing.
- Click rate trends. Data showing improvement over time.
- Training completion. Records of employees completing security awareness training.
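If you would rather compute these four metrics yourself from your own simulation logs (for example from the CSV export of whatever tool you use) and attach the numbers to the renewal, the following added Python example shows how. It is not PhishPlease's code and is not part of the original post; the employee roster, campaign rows, field names and departments are constructed sample data, and the thresholds are assumptions.

```python
"""Derive the four phishing-program metrics insurers ask for from raw
campaign and training records. Added example with constructed data."""
from collections import defaultdict
from datetime import date

# Constructed sample roster. Field names are assumptions for this example.
EMPLOYEES = [
    {"id": "e1", "dept": "Finance"},
    {"id": "e2", "dept": "Finance"},
    {"id": "e3", "dept": "Sales"},
    {"id": "e4", "dept": "Sales"},
    {"id": "e5", "dept": "Engineering"},
]

# One constructed row per (campaign, recipient). "clicked" means the
# recipient followed the lure link. e5 was hired after the first campaign.
CAMPAIGN_RESULTS = [
    {"campaign": "2024-01", "sent": date(2024, 1, 15), "emp": "e1", "clicked": True},
    {"campaign": "2024-01", "sent": date(2024, 1, 15), "emp": "e2", "clicked": True},
    {"campaign": "2024-01", "sent": date(2024, 1, 15), "emp": "e3", "clicked": False},
    {"campaign": "2024-01", "sent": date(2024, 1, 15), "emp": "e4", "clicked": True},
    {"campaign": "2024-02", "sent": date(2024, 2, 14), "emp": "e1", "clicked": False},
    {"campaign": "2024-02", "sent": date(2024, 2, 14), "emp": "e2", "clicked": True},
    {"campaign": "2024-02", "sent": date(2024, 2, 14), "emp": "e3", "clicked": False},
    {"campaign": "2024-02", "sent": date(2024, 2, 14), "emp": "e4", "clicked": False},
    {"campaign": "2024-02", "sent": date(2024, 2, 14), "emp": "e5", "clicked": False},
]

# Constructed: employee ids that have completed the awareness module.
TRAINING_COMPLETIONS = {"e1", "e2", "e4"}


def campaign_dates(results):
    """Distinct send dates, sorted. This is the 'campaign frequency' evidence."""
    return sorted({r["sent"] for r in results})


def max_gap_days(results):
    """Longest interval between consecutive campaigns (0 if fewer than two).
    Compare against the cadence you claim on the application (30 or 90 days)."""
    dates = campaign_dates(results)
    if len(dates) < 2:
        return 0
    return max((b - a).days for a, b in zip(dates, dates[1:]))


def _campaign_order(results):
    """Campaign names ordered by first send date, not by name."""
    first_sent = {}
    for r in results:
        c = r["campaign"]
        first_sent[c] = min(first_sent.get(c, r["sent"]), r["sent"])
    return sorted(first_sent, key=first_sent.get)


def participation_by_campaign(results, employees):
    """Share of the current headcount that received each campaign."""
    headcount = len(employees)
    recipients = defaultdict(set)
    for r in results:
        recipients[r["campaign"]].add(r["emp"])
    return {c: len(recipients[c]) / headcount for c in _campaign_order(results)}


def click_rate_by_campaign(results):
    """Clicks divided by emails sent, per campaign, in date order."""
    sent, clicked = defaultdict(int), defaultdict(int)
    for r in results:
        sent[r["campaign"]] += 1
        clicked[r["campaign"]] += int(r["clicked"])
    return {c: clicked[c] / sent[c] for c in _campaign_order(results)}


def click_rate_by_department(results, employees, campaign):
    """Click rate per department for one campaign. Departments that received
    nothing are omitted rather than reported as 0%, which would be misleading."""
    dept_of = {e["id"]: e["dept"] for e in employees}
    sent, clicked = defaultdict(int), defaultdict(int)
    for r in results:
        if r["campaign"] != campaign:
            continue
        d = dept_of.get(r["emp"], "Unknown")
        sent[d] += 1
        clicked[d] += int(r["clicked"])
    return {d: clicked[d] / sent[d] for d in sorted(sent)}


def training_completion_rate(employees, completions):
    """Fraction of current employees with a recorded completion."""
    ids = {e["id"] for e in employees}
    return len(ids & completions) / len(ids) if ids else 0.0


def click_rate_improving(results):
    """True if the latest campaign's click rate is below the first one's;
    None when there is not yet a trend to show."""
    rates = list(click_rate_by_campaign(results).values())
    if len(rates) < 2:
        return None
    return rates[-1] < rates[0]


if __name__ == "__main__":
    print("campaigns:", [d.isoformat() for d in campaign_dates(CAMPAIGN_RESULTS)],
          "max gap (days):", max_gap_days(CAMPAIGN_RESULTS))
    print("participation:", participation_by_campaign(CAMPAIGN_RESULTS, EMPLOYEES))
    print("click rate:", click_rate_by_campaign(CAMPAIGN_RESULTS))
    print("by dept (2024-02):",
          click_rate_by_department(CAMPAIGN_RESULTS, EMPLOYEES, "2024-02"))
    print("training completion:", training_completion_rate(EMPLOYEES, TRAINING_COMPLETIONS))
    print("improving:", click_rate_improving(CAMPAIGN_RESULTS))
```

Two details matter when this goes to a broker: participation is measured against the current headcount, so new hires who missed a campaign show up as a gap rather than being silently excluded, and the department breakdown omits departments that were never targeted instead of reporting a flattering 0%.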
How to generate compliance reports
PhishPlease generates exportable PDF reports that include all four of these metrics. You can attach them directly to your insurance renewal application or email them to your broker.
The reports show simulation dates, employee participation, click rates by campaign and department, training enrollment, and completion status. This is the exact data insurers request.
Timeline: how fast can you get compliant?
You can go from zero to having a documented phishing program in under a week:
- Day 1: Sign up, import employees (CSV or manual entry).
- Day 1-2: Send your first simulation campaign.
- Day 3-5: Results come in, training triggers automatically for clickers.
- Day 5-7: Export your first compliance report.
By your next renewal, you'll have months of data showing an active, documented phishing awareness program.
The cost math
PhishPlease costs $89.99/month for up to 30 users, about $1,080 per year. Whether a premium reduction covers that depends on the size of your premium: a 10% reduction only breaks even once your annual premium is above roughly $10,800. Many SMBs see premium reductions of 15-25% after implementing regular phishing training, which covers the subscription once the premium is above about $4,300-7,200 per year; below that, the case for the program rests on avoiding the incident itself rather than on the premium alone.
Ready to test your team?
Send your first phishing simulation in under 2 hours.
Start free trial (14-day free trial · No credit card required)