Cyber Insurance Backup Evidence: What Underwriters Want

[Image: Backup integrity certificate used as cyber insurance backup evidence with a MATCH verdict]

Introduction

Cyber insurance has changed. Where a short questionnaire once sufficed, underwriters now look hard at whether an organisation can actually recover from a ransomware or data-loss event — and the single most scrutinised control is the backup. Increasingly, insurers want cyber insurance backup evidence: concrete proof that backups are tested, recoverable and intact, both when cover is offered and, critically, when a claim is made. A backup that merely exists is no longer enough. This article walks through what underwriters typically ask for, why "we have backups" falls short, and how a backup integrity certificate from e-Dex (formerly Hash Calculator) gives you defensible proof you can produce on demand — generated entirely on your own machine.

What Underwriters Ask For

Although every proposal form differs, the questions tend to converge on three themes. First, tested restores: not just that a backup job ran, but that the data has been restored and verified on a regular schedule, so recovery is proven rather than assumed. Second, backup integrity: evidence that the backed-up data is unaltered and uncorrupted, so what you restore is genuinely the original. Third, immutability and segregation: at least one copy held in a form attackers cannot quietly delete or encrypt — offline, off-site, or write-once. These map neatly onto the long-standing practice of keeping several copies of important data, on more than one type of medium, with at least one copy kept away from the primary environment. The exact wording is for each insurer to set, so always read the proposal and policy you are given rather than relying on a generic checklist.

Why "We Have Backups" Isn't Enough

Backups fail quietly. A job can report success while writing to a medium that has degraded; a configuration change can silently exclude a critical share; a restore can fail only when it is finally attempted under pressure. Worse, modern attackers deliberately seek out backup repositories first, encrypting or deleting them before triggering the main payload — so the very copy you were relying on can be the first casualty. A green status in a backup console proves the job ran; it does not prove the data can be restored, nor that it is byte-for-byte identical to the source. Underwriters know this, which is why the question has shifted from "do you back up?" to "can you prove your backups are tested and intact?" When a claim is being assessed, the absence of contemporaneous proof can become a point of friction precisely when you can least afford it.

How a Backup Integrity Certificate Provides Defensible Proof

A backup integrity certificate answers the integrity question precisely. e-Dex computes cryptographic hashes — including SHA-256, SHA-512 and BLAKE3 — over your source data and over a restored copy, then compares them and prints a plain verdict: MATCH if every byte is identical, MISMATCH if anything has drifted. The result is a short, dated, readable document stating that a restored backup was validated against its source on a given date, backed by tamper-evident hash values rather than a verbal assurance. That is exactly the kind of artefact an underwriter or risk reviewer can understand at a glance — it converts "we test our backups" into something you can hand over and that anyone can independently re-verify. For the compliance angle and how these certificates support audit and regulatory expectations, see our companion piece on the backup integrity certificate for compliance.

A Simple Routine to Keep Evidence Ready

Defensible evidence is built by habit, not heroics. A practical routine has three steps. Validate the restore: on a set cadence, restore a representative copy from backup and use e-Dex to confirm it matches the source by hash, so recovery is genuinely exercised rather than assumed. Certify the result: generate a backup integrity certificate recording the verdict, the algorithms used and the date — a single, self-contained record of that test. Retain the certificates: keep them in an orderly, dated archive so that, over months and years, they form a timeline showing your backups were validated on schedule and were intact at known points in time. Because e-Dex runs offline, this routine adds no new exposure: the data and the proof both stay on your own machine. The Backup Validation workflow is built precisely to make this loop quick to repeat.
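
The validate-and-certify loop described in this section and the previous one, as an added example that is not e-Dex's code or certificate format: it hashes a source tree and a restored tree with SHA-256 and SHA-512 (BLAKE3 is left out because it needs a third-party package), reports MATCH or MISMATCH, and lists what differs. The function names, record fields and sample files are assumptions constructed for illustration.

```python
import hashlib, json, tempfile
from datetime import datetime, timezone
from pathlib import Path
ALGOS = ("sha256", "sha512")  # BLAKE3 is not in the standard library, so it is left out

def manifest(root):
    """Map each relative file path under root to its digests, read in 1 MiB chunks."""
    out = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            hs = [hashlib.new(a) for a in ALGOS]
            with open(p, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    for h in hs:
                        h.update(chunk)
            out[p.relative_to(root).as_posix()] = {a: h.hexdigest() for a, h in zip(ALGOS, hs)}
    return out

def certify(source, restored):
    """Compare two trees; the record layout is hypothetical, not e-Dex's format."""
    src, dst = manifest(source), manifest(restored)
    diffs = {
        "missing_in_restore": sorted(src.keys() - dst.keys()),
        "unexpected_in_restore": sorted(dst.keys() - src.keys()),
        "content_differs": sorted(k for k in src.keys() & dst.keys() if src[k] != dst[k]),
    }
    return {
        "generated_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "algorithms": list(ALGOS),
        "verdict": "MISMATCH" if any(diffs.values()) else "MATCH",
        "source_manifest_sha256": hashlib.sha256(json.dumps(src, sort_keys=True).encode()).hexdigest(),
        "differences": diffs,
    }

def demo():
    """Constructed sample data: a good restore, then the same restore after drift."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        for root in (src, dst):
            (root / "finance").mkdir(parents=True)
            (root / "finance" / "ledger.csv").write_bytes(b"id,amount\n1,100\n")
            (root / "readme.txt").write_bytes(b"constructed sample\n")
        good = certify(src, dst)
        (dst / "finance" / "ledger.csv").write_bytes(b"id,amount\n1,900\n")  # altered content
        (dst / "readme.txt").unlink()  # file missing from the restore
        return good, certify(src, dst)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Written to a dated archive, each record covers the retention step. The `generated_utc` value comes from the local clock, so it is only as trustworthy as that machine unless the record is sealed, for example with the RFC-3161 timestamp mentioned in the FAQ below.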

What This Does at Claim Time

The real value of the routine shows up in a crisis. If an incident occurs and a claim is being assessed, you are no longer reconstructing your backup story from memory under stress. You can point to a series of contemporaneous, tamper-evident certificates showing that backups were tested and intact on specific dates before the event — evidence of due diligence created at the time, not retrofitted afterwards. That same record helps internally too: it demonstrates to leadership, auditors and regulators that recovery was a controlled, verified process. None of this guarantees a particular outcome with any insurer — coverage and claims always turn on the facts and the policy wording — but walking in with clear, independent proof is a far stronger position than walking in with assurances alone.

Frequently Asked Questions

What is cyber insurance backup evidence?
Cyber insurance backup evidence is the documentation an organisation keeps to show that its backups are tested, recoverable and intact. Rather than a verbal assurance that backups exist, it is concrete proof — restore logs, validation records and a backup integrity certificate that records cryptographic hashes and a MATCH or MISMATCH verdict — that a restored copy is bit-for-bit identical to its source. Underwriters increasingly ask for this kind of evidence when offering cover and may ask for it again at claim time.

What do underwriters typically ask for regarding backups?
Underwriters generally want three things demonstrated: that restores are tested on a regular schedule rather than assumed to work, that backup data is intact and unaltered, and that at least one backup copy is immutable or segregated so attackers cannot reach it. These map to the common practice of keeping multiple copies, on more than one medium, with a copy held off-site or offline. The exact questions vary by insurer, so always read the proposal and policy wording you are given.

Why isn't simply having backups enough for a cyber insurance claim?
Backups can silently fail, drift or be corrupted, and ransomware increasingly targets backup repositories first. Having a backup job that reports success does not prove the data can actually be restored or that it is unaltered. At claim time an insurer may look for evidence that backups were tested and intact before the incident. Without that proof, a claim can be questioned. Tested-and-certified backups turn an assumption into a defensible fact.

How does a backup integrity certificate help at claim time?
A backup integrity certificate is a dated, readable record that a restored copy matched its source, proven by multiple cryptographic hashes and an explicit verdict. Retained over time, these certificates form a timeline showing that backups were validated on a schedule and were intact at known dates. If you ever need to support a claim or demonstrate due diligence, you can point to contemporaneous, tamper-evident records rather than reconstructing the story afterwards.

Does e-Dex need an internet connection to validate and certify backups?
No. e-Dex runs fully offline on your own Windows machine. Comparing a restored copy against its source by hash, generating the backup integrity certificate and retaining it all happen locally, so your data never leaves your computer. An internet connection is only needed if you choose to apply an RFC-3161 trusted timestamp from a Time-Stamping Authority to seal the exact time a certificate was produced.

Conclusion

Cyber insurers are no longer satisfied that backups exist — they want proof that backups are tested, recoverable and intact, and they may ask for that proof again when a claim lands. A simple, repeatable routine of validating a restore, certifying the result and retaining the certificate turns that demand into a non-event: defensible evidence is already on file. You can build that habit in minutes, offline, on a single Windows machine with e-Dex Backup Validation, and you can download e-Dex free to start producing backup integrity certificates today.