Cyber insurance used to be a checkbox. Now it is a questionnaire with teeth, and getting the answers wrong can void a claim or spike your premium. Here is what underwriters are asking for in 2026.
Multi-factor authentication, everywhere
Not just email, remote access, admin accounts, and VPN too. Insurers increasingly require evidence, not just a yes. If you claim MFA and a breach shows it was not enforced, expect the claim to be denied.
Endpoint detection and response (EDR)
Traditional antivirus is no longer sufficient on the form. Underwriters want EDR that can detect and isolate threats in real time across every device.
Tested, offline backups
Having backups is not enough, you must show they are isolated from the network and that you have actually restored from them. Ransomware specifically targets connected backups.
Security awareness training
Documented, recurring training for staff. The human layer is still where most incidents begin, and insurers know it.
The takeaway
Treat the renewal questionnaire as a security roadmap. Every requirement on it is a control that genuinely reduces your risk, and meeting them honestly is what keeps your coverage valid when you need it most.
The five phishing patterns every small business will see this quarter
