If your cyber insurance renewal is approaching, the application will look different from last time. Insurers have moved beyond generic questionnaires. They now ask detailed questions about your security controls. They also expect clear proof that these controls are active, enforced, and tested. A verbal confirmation that you “have MFA” is no longer enough.

For SMEs, this shift can feel overwhelming. The questions reference tools and processes that your team may not manage directly, and assembling the evidence often falls between your IT provider and your internal admin with no clear owner. The result is a last-minute scramble, higher premiums, or in some cases, declined coverage.

This blog explains what UK cyber insurers ask for in 2026. It also outlines the evidence needed for each requirement and how to build a proof pack before your renewal.

What Insurers Are Asking For in 2026

Underwriting has become technical. Carrier applications and renewal questionnaires now routinely cover six areas, and insurers want evidence for each.

Multi-factor authentication. Insurers want to see MFA enforced on email, remote access, VPN and all administrative accounts. Partial coverage (MFA on email but not on remote desktop, for example) is specifically flagged. Microsoft reports that MFA blocks over 99% of account compromise attacks, which is why it tops every insurer’s checklist.

Endpoint detection and response. Traditional antivirus no longer satisfies underwriters. They expect EDR or managed detection and response running on all endpoints, with evidence of 24/7 monitoring and active response capability. If you use Huntress Managed EDR, your provider dashboard shows deployment coverage, alert history and response timelines, all of which map directly to what insurers ask for.

Backup and recovery. Insurers ask whether you have backups in place, whether you keep them isolated or immutable so ransomware cannot encrypt them, and whether you test restores regularly. If you have never tested a backup, insurers will not consider it reliable.

Incident response plan. A written incident response plan with named contacts, defined escalation steps and evidence that it has been tested (even a simple tabletop exercise) is now a standard underwriting requirement. Insurers often ask for the date of the last test and any remediation actions that followed.

Security awareness training. Insurers want evidence that staff receive regular training and that phishing simulations are part of the programme. A single annual session no longer satisfies most carriers. Managed security awareness training with monthly modules and automated reporting gives you exactly the documentation they expect.

Patching and vulnerability management. Carriers ask about your patching cadence for critical vulnerabilities. Insurers expect you to apply critical patches within 14 to 30 days. They also expect you to remove end-of-life software or carry out a formal risk assessment.

How to Build the Evidence Pack

Start assembling documentation 60 to 90 days before your renewal date. Rushing this in the final week leads to gaps, and gaps lead to follow-up questions, higher premiums or declined coverage.

For each of the six areas above, prepare a simple evidence file. This should include screenshots of MFA policies and EDR deployment reports. It should also cover backup test logs with dates and a copy of your incident response plan. Include training reports, phishing simulation results, and patch management reports showing update frequency.

If your IT provider manages these controls for you, ask them to compile this pack as part of their service. A good managed IT provider should be able to produce most of this from their existing dashboards and reporting tools.

Does Cyber Essentials Help with Insurance?

Yes. Holding Cyber Essentials certification demonstrates that your business meets a government-backed baseline of security controls. Many UK insurers recognise it as a positive signal during underwriting, and some specifically ask whether you hold it.

Cyber Essentials does not replace the evidence pack, but it covers key areas such as access control, patching, malware protection, and secure configuration. It also gives insurers confidence that these basics are formally verified rather than self-declared.

The Cost of Getting This Wrong

Businesses that cannot provide adequate evidence at renewal face three outcomes: significantly higher premiums, reduced coverage with broader exclusions, or outright refusal. In a market where the Cyber Security and Resilience Bill is increasing regulatory expectations across supply chains, having your insurance declined creates a compounding problem.

The controls insurers ask about are the same controls that protect your business from the incidents insurance is designed to cover. Investing in them reduces your premium and reduces your risk at the same time.

Get Your Evidence Pack Ready Before Renewal

If your renewal is coming up and you are not sure whether your current setup meets insurer expectations, contact The Unite Group for an insurance readiness audit. We deliver every control insurers ask about, from managed EDR and security awareness training to backup management and incident response support, and we can assemble your evidence pack as part of our managed IT service.