Cyber underwriting calls used to be quick. Now they feel more like an audit interview. The underwriter is trying to figure out two things:
- How likely you are to have a claim
- If you do, how big it will be and how long the downtime will last
The good news: most dealerships don’t lose these calls because they’re “bad.” They lose because answers are vague, inconsistent, or unsupported by proof. This post gives you a dealership-native prep plan and a script your GM and Controller can use without sounding like IT.
Note: This is general information, not insurance or legal advice. Your broker should advise on your specific application and policy terms. Be transparent with insurers: a claim can be denied if it is found that you made false statements.
Who should be on the call (dealership version)
Keep it tight. Underwriters like clear ownership.
Recommended attendees:
- Controller/CFO (owns AP, payroll, cash controls, vendor payments, audit posture)
- GM (owns operations, decision-making, incident leadership)
- IT/Security lead or MSP/MSSP (answers technical verification questions)
- Broker (runs interference, sets positioning, handles coverage specifics)
Tip: Decide in advance who answers what. Nothing spooks an underwriter like two leaders contradicting each other on MFA, backups, or “who monitors alerts.”
The 15-minute prep that prevents 60 minutes of pain
Before you get on the call, build a simple “evidence packet.” You don’t need a binder. You need receipts.
Your Underwriter Evidence Packet (dealership-ready)
Have these ready to email or reference live:
- MFA enforcement confirmation (email + remote access + admin accounts)
- Endpoint coverage summary (how many PCs/servers protected, centrally managed)
- Backup overview + most recent restore test result (date, what was restored, how long it took)
- Patch/update cadence statement (monthly + critical out-of-band process)
- Offboarding process (same-day access removal, who owns it)
- Incident response plan (even a 2–3 page practical version) + last tabletop date
- Vendor access inventory (top vendors with access to systems/data, review cadence)
- Any recent improvements since last renewal (MFA expanded, EDR upgraded, backups hardened)
What you’re doing here: making the underwriter’s job easy. Clear control, clear proof, clear ownership.
The biggest mistakes dealerships make on underwriting calls
Avoid these and you’ll instantly sound more “bind-ready.”
- “We have MFA.” (Where? Enforced? For everyone? Exceptions?)
- “We back up everything.” (When was the last restore test? How fast can you recover?)
- “Our IT company handles that.” (Who inside the dealership owns the program?)
- “We’ve never had an issue.” (Underwriters don’t price luck. They price controls.)
- “I think so…” answers. (If you don’t know, defer to the technical lead with a crisp handoff.)
How the call usually goes (and how to win each section)
Underwriting calls tend to follow this sequence:
- Your environment and business model
- Identity and access (MFA, admin accounts, remote access)
- Endpoint security (EDR, patching, monitoring)
- Backups and recovery (testing)
- Email and fraud controls
- Incident response and vendor risk
- Any prior events and what changed
Your script should follow the same flow.
The Script: GM and Controller Talking Points
Opening (GM)
GM Script:
“Appreciate the time. From an operations standpoint, our goal is straightforward: keep the dealership running and reduce downtime risk. [Controller Name] will speak to payment controls and process. [IT Lead Name] will confirm the technical controls and provide evidence where needed.”
(Then stop talking. Let the underwriter drive.)
Identity and MFA (IT lead, with GM reinforcement)
Underwriter is listening for: enforcement and scope.
IT Lead Script:
“MFA is enforced for all users on email and remote access. Privileged/admin accounts are also MFA-protected. We restrict exceptions and document them.”
GM Reinforcement (if asked why it matters):
“We treat email as a critical system because it touches lenders, payroll resets, vendor invoices, and customer communication.”
Endpoint protection and monitoring (IT lead)
Underwriter is listening for: coverage, central management, response.
IT Lead Script:
“We run centrally managed endpoint protection across [X]% of workstations and servers, with alerting and a defined response process. Security events route to [team/process], and we have escalation for after-hours.”
If you don’t have 24/7 monitoring, don’t fake it:
“We receive alerts and have an on-call escalation path. Our goal this year is to tighten response time further.”
(That’s honest and forward-looking without overpromising.)
Backups and restore testing (Controller + IT lead)
This is where a lot of dealerships stumble. Underwriters want proof, not philosophy.
Controller Script:
“From a business continuity standpoint, we prioritize restoring what keeps the store moving: DMS-related operations, accounting continuity, and core files. We’ve tested restores.”
IT Lead Script (with numbers):
“Our last restore test was on 2026. We restored [system/data] and validated access in approximately [time]. Backups are protected from tampering and access is restricted.”
If you haven’t tested restores recently:
“We have backups running reliably. We’re scheduling a documented restore test in the next [timeframe] and will provide results.”
Patch management (IT lead)
IT Lead Script:
“We patch operating systems and third-party apps on a defined cadence, with priority handling for critical vulnerabilities. We track completion and remediate exceptions.”
GM Script (business framing):
“We schedule it to avoid peak traffic and month-end, but we don’t postpone critical fixes.”
Payment and fraud controls (Controller)
Dealerships are high-risk for invoice and bank-change fraud. This is a Controller win.
Controller Script:
“For AP, payroll, and any bank detail changes, we require out-of-band verification. We don’t rely on email alone for changes to payment instructions. We also limit who can initiate and approve payments.”
Optional add:
“We separate duties where possible so one person can’t create a vendor and release funds without oversight.”
Incident response readiness (GM + IT lead)
Underwriters want to know you won’t improvise under pressure.
GM Script:
“We have a documented incident response plan with clear roles: containment, carrier notification, counsel coordination, and operational decisions. We’ve run a tabletop exercise to practice communications and recovery priorities.”
IT Lead Script:
“We can isolate systems, reset credentials, and preserve logs as needed. We have escalation contacts for key vendors.”
Vendor access and third-party risk (Controller + IT lead)
Controller Script:
“We maintain a vendor list for providers that touch customer data or have system access. We review access periodically and remove access when vendors change.”
IT Lead Script:
“Vendor access is restricted, MFA is required where possible, and we aim for least privilege.”
Prior incidents (GM or Controller, calmly)
If you’ve had an event, don’t over-explain. Keep it factual and improvement-focused.
Script:
“We had [brief description, no drama] on [approx. timeframe]. We contained it, recovered, and implemented specific improvements: [MFA expansion / EDR rollout / backup hardening / training cadence / tighter payment verification].”
Underwriters respond well to: “Here’s what happened, here’s what we changed, here’s how we prevent recurrence.”
Closing (Broker + GM)
GM Script:
“Happy to provide any evidence you need. Our focus is keeping the dealership operational and reducing claim likelihood and severity.”
What the underwriter is really asking (translated)
Use this internal translation to guide your answers:
- “Do you have MFA?” = “Can one stolen password take you down?”
- “Do you have EDR?” = “Will you detect and contain fast enough?”
- “Do you test backups?” = “Will we pay for days of downtime?”
- “Do you patch?” = “Are you easy to compromise?”
- “Do you have an IR plan?” = “Will your response reduce claim cost?”
- “Do you control vendors?” = “Do third parties quietly increase exposure?”
Book a Cyber Insurance Readiness Gap Assessment
If you want this call to feel easy, do the prep once and reuse it every renewal.
Book a Cyber Insurance Readiness Gap Assessment and we’ll:
- identify which controls are most likely to impact eligibility and pricing
- close the common dealership gaps (MFA scope, restore testing, vendor access, email fraud controls)
- assemble an “underwriter evidence packet” so you’re not scrambling every year
