Back to ResourcesRisk & Governance

    Cyber Insurance: What Underwriters Actually Ask For

    Cyber insurance renewals now look like security audits. Here are the controls underwriters expect to see in 2026, and how to prepare.

    Cyber insurance has changed dramatically. A few years ago, a short questionnaire and a credit card were enough. Today, underwriters ask detailed questions about your security controls, and the wrong answer can mean higher premiums, reduced coverage, or denial outright. For small businesses, the renewal questionnaire often arrives with little warning and a tight deadline.

    The good news is that the questions are predictable. If you prepare ahead of renewal, the conversation is straightforward. The bad news is that answering yes when the truth is no can void a future claim.

    The controls underwriters consistently ask about in 2026 include:

    • Multi-factor authentication on email, remote access, VPN, and privileged accounts. Phishing-resistant methods are increasingly preferred.
    • Endpoint detection and response, often called EDR, deployed on every workstation and server.
    • Backups that are tested, encrypted, and stored offline or in immutable storage.
    • A written incident response plan with named roles and contact information.
    • Email security including SPF, DKIM, DMARC, and a spam and phishing filter.
    • Patch management with a defined cadence and reporting for critical vulnerabilities.
    • Security awareness training for all employees, with phishing simulations.
    • Vendor risk management, especially for any vendor with access to your systems or data.
    • Privileged access controls, including separation of admin and standard user accounts.
    • Network segmentation, particularly isolating guest, IoT, and point-of-sale systems.

    The questionnaire is also an honest mirror. If you cannot truthfully check the boxes today, you have a roadmap of what to address before renewal. Insurance is no longer a substitute for security. It is an outcome of it.

    Realm Defense helps small businesses in Ventura County prepare for cyber insurance renewals with structured assessments, control implementation, and the documentation underwriters expect. Reach out before your renewal window and we will walk through the questionnaire with you.