More carriers are now asking what kind of data is on an applicant’s network, and whether the data is encrypted at rest and in transit. Encryption is increasingly important, and a firm that doesn’t encrypt its valuable data may not be practicing other reasonable risk management techniques.
You need to understand what data you have that is exposed and where you keep it. So, for example, if your company’s laptops contain sensitive information and you don’t encrypt them, you may have a difficult time getting a policy to cover that.

This footage is from INSUREtrust’s 2013 Cyber Risk Management Boot Camp.