
FAQs: Cyber Response app

To help you get the most out of our award-winning Response app, we've put together some FAQs.

Once downloaded from your relevant app store, you'll need to register with your work email that has the same domain as the website that was provided to CFC when your policy incepted. For example, johndoe@cfc.com when registering for the company www.cfc.com.

If your email domain differs from your website or no URL was submitted, you’ll need to additionally provide your policy number (e.g. ABC1234567890). Once you've registered, you can access the app using Face ID or the PIN you set during registration. If you experience any issues with registration or logging in, please contact customersupport@cfc.com.

Anyone within your organisation can use the CFC Response app by downloading it and registering with your policy number (e.g. ESJ1234567890).

This allows them to:
-    Access policy documents
-    Receive real-time threat alerts
-    Report cyber incidents
-    Use cybersecurity tools like phishing simulations and dark web monitoring 

This setup is designed to ensure broad access across your team while maintaining security and operational efficiency.

Yes, the app will recognise all CFC policy numbers attached to the same company name. You'll be able to see the policy numbers we've associated to your account in Menu > Company. If a policy number isn't there, it may be because it's associated to a different company name.

You'll need to log out and re-register with a different email domain to create an app account for that policy. If you're unsure which policy should be registered where, please contact customersupport@cfc.com for assistance.

No, you don’t need to update the app. The policy number within the app should update to your new policy number within 30 days of activation. If you experience any issues with this, please contact customersupport@cfc.com for assistance.

Get in touch with our internal support team at customersupport@cfc.com. We'll be able to assist you with removing access for these individuals.

Yes, you can monitor multiple domains. At present, adding additional domains to be monitored should be done via the 'Ask the Expert' chat or by emailing customersupport@cfc.com.

In future releases, we will allow you to add additional domains via the app.

Please log out of the demo account in the app via Menu > Profile > Log out, then re-register.

To re-register, you'll need to use an email with the same domain as the website that was provided to CFC when your policy incepted. For example, johndoe@cfc.com when registering for the company www.cfc.com.
 
If your email domain differs from your website or no URL was submitted, you'll need to additionally provide your policy number (e.g. ABC1234567890). Once you've registered, you can access the app using Face ID or the PIN you set during registration. If you experience any issues with registration or logging in, please contact customersupport@cfc.com.

 

You can access a range of free cyber security tools, only available to app users, via the Tool view on the home screen once you log in. These tools include:

Phishing simulation – this is a simulated email campaign that goes out to selected users of your team. These emails are designed to resemble phishing attempts in order to show users how easy it is to be deceived and to raise awareness of this type of criminal tactic.

Dark web monitoring – this tool scours the dark web for information relating to your business, including corporate login credentials and other breaches of sensitive data relating to your domain name.

Deep scanning – this service actively scans your business’s network footprint to identify claims-correlated vulnerabilities that could lead to cyber-attacks or ransomware.

No further information is required from you at this time. The tool operates based on the IP address of the business domain you provided to CFC when your policy incepted.

No. Access to the CFC Response app, and its associated tools, is complimentary for CFC policyholders who have purchased cyber cover as part of their policy.

No, the CFC Response app does not perform penetration testing.

Its primary purpose is to provide real-time threat alerts and enable incident reporting and communication during cyber events. Intrusion or penetration testing typically falls under a different service, often called penetration testing (pen testing) or vulnerability assessment, which is usually offered by specialised security teams or vendors.

Currently, the phishing and dark web monitoring tools in the CFC Response app only monitor the domain of the first account that registered for the app. However, the deep scanning tool scans for related network assets, as identified by our data science team. You can send us more domains and IPs to update our records for deep scanning. Reach out to customersupport@cfc.com for help doing this.

Deep scanning is an in-house CFC service that continuously scans the external, internet-facing parts of your network for vulnerabilities commonly exploited in cyber-attacks, such as exposed RDP services and outdated or unpatched software.

It actively tests for weaknesses rather than just listing what’s visible and works in real time to alert you only if a genuine threat is detected, providing clear, actionable steps to strengthen your defences. It’s designed to supplement, not replace, full vulnerability scans, helping you stay ahead of cyber threats.

Deep scanning can only be activated for your policy through the CFC Response app. After registering and logging in, you’ll find the Tools module on the home screen, showing each tool and its current status. To enable deep scanning, tap the toggle and switch it on to provide consent for the service to scan your network footprint.

The scan runs based on the domains linked to your policy, and you can turn deep scanning on or off for each domain associated with your account. Please note: no scanning originates from your mobile device.

The deep scanning tool scans for related network assets, as identified by our data science team. You can send us more domains and IPs to update our records for deep scanning. Reach out to customersupport@cfc.com for help in doing this.

Using data from our dark web monitoring tool and other sources, we compile a list of corporate email addresses that may be vulnerable to phishing attempts. Each month, realistic phishing-style emails are sent to these selected employees to simulate real attacks and test how they respond. If someone clicks a link or enters details, they’re immediately redirected to an educational page explaining what they missed and why it matters.

 

You can view and edit which addresses will receive these mock emails, though bulk uploading is not supported. At the end of each month, you’ll receive a detailed report showing who clicked, who reported the email, and where extra training might be needed. This approach raises awareness, demonstrates how easy it is to fall for phishing attempts, and helps build stronger security habits across your team. 

The phishing tool can only be activated for your policy through the CFC Response app. After registering and logging in, you’ll find the Tools module on the home screen, showing each tool and its current status. To enable the Phishing campaign, tap the toggle and switch it on to activate. Using data from our dark web monitoring tool and other sources, we'll then compile a list of corporate email addresses that may be vulnerable to phishing attempts. These will form the list of those employees we'll then send the simulated phishing emails to.

We build the recipient list for phishing simulations by matching the email addresses manually provided by you during phishing campaign setup, with the email addresses discovered online that are linked to your organisation, including addresses exposed in previous data breaches or found on the dark web. This approach may occasionally allow some older or inactive email addresses to be included, so we run a validation process before running the phishing simulation to remove unmonitored accounts and accounts belonging to former employees.

 

This ensures the campaign remains realistic while reducing unnecessary delivery failures. Including a broad range of addresses reflects real-world attack conditions, where cybercriminals target any email they can find, and by validating the list, we maintain accuracy and protect your organisation’s reputation during testing.

To update your phishing campaign list, open the phishing tool from the home screen and select “Edit phishing list.” You’ll then see all the email addresses scheduled for the next send, where you can easily add or remove entries.

We don’t operate phishing campaigns using free domains (e.g. gmail.com, outlook.com), so please ensure your account is registered with your company email address, then disable and re-enable phishing to see your updated target list of email addresses. If your target list is empty, this is most likely because we have not found any emails from your domain on the internet yet.

 

You may add your colleagues’ email addresses manually - see ‘How do I make changes to the list of phishing targets?’ above to find out how to do this.

Bulk uploading email addresses for phishing campaigns isn’t currently supported, so targets need to be added individually through the CFC Response app.

To add someone:
-    Open the CFC Response app
-    Go to the Phishing tool section from the homepage
-    Select 'Edit phishing list' and enter the person’s email address

We recommend reviewing your target list regularly to make sure it reflects the right audience for your simulation. Keeping it up to date helps maintain accuracy and ensures the exercise is meaningful for your organisation.

For each phishing campaign, we use one standard template for all organisations, selected at random from our library. These templates are primarily Microsoft-themed, as many customers use Microsoft services, but we also include Google Workspace-based templates to keep simulations varied and realistic. Templates are rotated between campaigns to prevent predictability. Please note that these templates are standardised and cannot be customised or changed.

The sender email addresses and IP addresses will vary between campaigns. We do this to ensure that each message is unique and to improve the overall deliverability of the campaign. Please note that these details are managed automatically and cannot be changed.

Campaigns are structured to run on a monthly basis. Unfortunately, they cannot be conducted on an ad hoc basis outside of this schedule.

Yes. Two weeks before the campaign starts, we will send you the domains and IP addresses we will use for your campaign. Should you wish, you can whitelist these to ensure they are not blocked.

Our phishing reports are only available through the CFC Response app and cannot be sent via email.

The campaign runs once a month and lasts for approximately 2 weeks.

Our dark web monitoring service works in partnership with a trusted provider to continually scan the dark web for information related to your business. This includes stolen corporate login credentials and other breaches of sensitive data. Using the email address provided at registration, we derive your domain and check daily for any breaches associated with it.

If compromised data is detected, we immediately notify you through the CFC Response app and provide all the details found, along with practical advice on how to resolve the issue. Stolen credentials are one of the most common ways hackers gain access to company systems, enabling cybercrimes such as wire transfer fraud or ransomware attacks. By tracking and addressing breaches promptly, you help keep your business secure and reduce the risk of further compromise.

The dark web monitoring tool can only be activated for your policy through the CFC Response app. After registering and logging in, you’ll find the Tools module on the home screen, showing each tool and its current status. To enable dark web monitoring, tap the toggle and switch it on to activate.

If the switch is toggled on for dark web monitoring within the Tool section on the home page, then it’s active. We only notify you at the time a breach occurs with a summary of what we found, so no news is actually good news. You can view the domains we're monitoring within the same dark web monitoring tool page. If the domain(s) listed aren't right, please email customersupport@cfc.com to let us know.

Unfortunately, we are unable to adjust the timing of the alert at this time.

If the inactive account has been disabled and removed throughout your company’s system, this should pose no threat to your organization. However, if the account is still present in your company’s system and is inactive (e.g., the users associated with the account have left), we recommend immediately disabling and/or deleting the account from all areas of your company system to ensure security.

Attackers may sometimes use a password-cracking program to brute-force credential details based on common patterns in workplace emails, and these can then appear in credential stuffing lists. If this is the case, please feel free to ignore these alerts in the future.

We use multiple sources to gather data, including private, government, and proprietary in-house data. The information we receive is often from compiled lists, where hackers may merge multiple breaches. As a result, it can be difficult to pinpoint the specific source of the breach or identify the exact credentials that were affected.

As a next step, we recommend changing any passwords associated with the affected accounts and closing any email addresses that are no longer in use to help protect your security. Additional information can be found in the privacy policy.

“Ask the Expert” provides access to cybersecurity advice and best practice guidance from our in-house experts. Support they can provide includes:
-    Cybersecurity best practices e.g. “How do I set up multi-factor authentication for my team?”
-    Incident prevention e.g. “How do I securely configure remote access for employees?”
-    Domain management e.g. “I have an additional domain to be added to my account. Can you please add this?”

“Ask the Expert” is strictly for cybersecurity advice and best practice guidance, so there are clear boundaries on what it cannot help with. For support with these, contact either your Broker or customersupport@cfc.com.

It will not help with:
-    Policy related commitments e.g., confirming if something impacts your policy or providing coverage details.
-    Policy renewals or changes e.g., updating renewal terms or making amendments.
-    Administrative updates e.g., changing contact details or updating account information.
-    Claims handling e.g., processing or advising on claims.
-    IT troubleshooting e.g., fixing systems or resetting passwords.

We aim to respond within 48 hours. If you want to report a cyber incident for immediate response, please use the incident reporting channel instead.

When in doubt, reach out. If you think something has happened or might happen, report it as an incident from the home screen or through the “Help” tab at the bottom of the screen. If you are unsure of the incident type, simply select “Other”. A member of the CFC Response team will respond within 30 minutes or less with clear guidance on the best next steps.

A member of the CFC Response incident response team will call you within 30 minutes or less. During this call, we will review the details of your incident and advise on any immediate actions you should take.

Next, we will determine whether additional specialist services such as forensic analysis, business resumption or legal support are needed to restore normal operations. You will receive an email summarising the incident, and our appointed partner vendor will contact you to assess the level of assistance required. Once we agree on the scope of work, we will move quickly to get your business back on track. At the same time, a dedicated cyber claims specialist will be assigned to guide you through the entire claims process, providing proactive advice every step of the way.

Our real-time critical threat alerts will be your first backstop of protection. Through proactive cyber attack prevention technologies, our team can spot problems fast and send you critical alerts with guidance on how to mitigate any issues.

If you get an alert, make sure you read the full detailed report that will be included within the notification. Each alert will be different and may have different actions. If in doubt, please reach out on our “Ask the expert” chat function.

Your policy documents are not available in the CFC Response app; however, the Response app does store your policy number and the policy password used to decrypt your documents.

Your policy documents should have been sent to you by your broker. If you don’t have them, please reach out to them for a copy.

To find your password for your policy documents, please log into the app and tap the Menu section in the bottom right corner of the screen. There, you will find your Company link. Tap it to view your company profile where your policy number is displayed.

If your policy is encrypted, a “Show decryption key” button will be displayed. Tap it to reveal your password.

While it’s rare for cyber policies to be the focus of a cyber attack, cyber extortion continues to be a leading cause of claims. But when encrypted, if a customer’s policy documents fall into the wrong hands they can’t be used as leverage in an extortion attempt.

It makes sense for us to offer this additional layer of protection, and peace of mind, for our cyber customers. You can read more about policy encryption on our website.

Please refer any questions regarding your policy and coverages to your broker; they will be able to help.

The app does not access any company network or internal data. The only information required by the app, and by CFC, is the company’s IP address, which is publicly available.

Our tools operate within strict boundaries. For example, they identify compromised email addresses published on the deep and dark web or search for the company domain (e.g., “company.com”) on hacker forums. The deep scanning tool is the only feature authorised to scan the external surface of a business’s network, similar to checking for unlocked windows or doors. However, we do not enter those windows or doors, nor do we access the internal network where data is stored.

Neither CFC nor the app ever accesses company data, unless provided. The CFC Response app is designed to monitor the perimeter of your network for vulnerabilities that attackers could exploit and to alert you promptly if we detect anything suspicious.

The cyber security tools operate out of our servers, not from your device. The CFC Response app is the only form of consent required for us to operate these features, and it is the channel we use to share their findings or performance. We identify your company network via the IP address linked to your company website.

The CFC Response app is only available on iOS and Android devices, such as mobile phones and tablets. The CFC Response app is not currently available for download or use on laptops or desktop PCs.

We do have an incident response plan template – which you can download from here. We also have guidance on how to build your own plan here, plus considerations you should keep in mind when creating the plan.

You can find all cyber-related articles, infographics, case studies, advisories, and more on our Cyber Knowledge Hub, helping you stay up-to-date with relevant cyber events.
 
If there is anything more specific in terms of best practices that you are looking for, please get in touch at customersupport@cfc.com and we can provide more specific advice.