New for 2026: Insurers are now declining cover when basic controls cannot be evidenced. Download the checklist before your next renewal.

  • ISO 27001 Certified

  • Cyber Essentials Certified

  • MSP Awards 2025

Free download: cyber insurance renewal

47 Questions

Your Insurer Will Ask at Renewal

And the controls you need to evidence before they ask

Cyber insurance renewal forms are becoming more demanding.

For many SMEs, the uncomfortable moment comes when the insurer asks for evidence that basic security controls are genuinely in place, not just that they exist on paper.


  • Free, no strings attached

  • Instant PDF download

  • Written for SME owners, not IT teams

5 sections Access controls, patching, backups, incident response, and supplier risk

47 questions Every question your insurer is likely to ask, with guidance on what evidence to prepare

Red flags The 12 answers most likely to increase your premium or trigger a coverage gap

Action notes Plain-English guidance on what to fix if you cannot answer yes

Free download

Get the 47-Question Checklist

What is inside

Five sections. 47 questions. No guesswork.

The checklist mirrors the structure most UK cyber insurers now use at renewal.

Work through it before your renewal conversation and you will know exactly where you stand.

12

Access control questions

MFA, privileged accounts, shared credentials, offboarding processes, and admin access reviews. The area most policies now treat as mandatory.

9

Patching and update questions

Software currency, vulnerability management, end-of-life systems, and whether your patching can be evidenced. Increasingly used to price risk.

8

Backup and recovery questions

Backup frequency, offsite copies, immutable storage, tested recovery, and documented recovery time objectives. Insurers want evidence of tested backups, not just that backups exist.

10

Incident response questions

Whether a plan exists, who owns it, whether it has been tested, and what your notification obligations are under GDPR if a breach occurs.

8

Access control questions

Supply chain security, MSP access controls, contractor credential management, and whether third parties who access your data meet a security standard.

12

Red flag answers identified

The 12 specific answers most likely to result in a premium increase, a sub-limit, or a coverage exclusion. Know them before your broker asks.

Who this is for

Right for you if any of these apply

This checklist is written for business owners and operations leads, not IT managers. No jargon. No assumed technical knowledge. Just the questions and what your answers mean.

Your cyber insurance renews in the next 3 to 6 months and you want to know what to expect

Your premium increased at the last renewal and you were not sure why

You are applying for cyber insurance for the first time and want to understand what controls are expected

You want to identify which security gaps to fix before the renewal form lands

Sample questions from the checklist

What insurers are actually asking in 2026

These are representative examples from the full 47-question checklist. The flag shows, in our experience how each answer typically affects your premium or cover.

Q1

Is multi-factor authentication enforced on all cloud services including email, file storage, and remote access tools?

High impact

Q7

Can you evidence that critical security patches are applied within 14 days of release?

High impact

Q14

Have your backups been tested in the last 90 days and is the test result documented?

Premium Risk

Q22

Do you have a documented process for removing access when a staff member leaves?

Premium Risk

Q31

Does your managed IT provider use multi-factor authentication to access your systems?

Required

Q38

Has your incident response plan been reviewed in the last 12 months?

Premium Risk

+ 41 more questions in the full checklist, with guidance on what each answer means for your cover

ISO 27001 Certified

Cyber Essentials Certified

MSP Awards 2025 - Best Use of AI

MSP 501 Recognised

BBC Cyber Siege Documentary

Darlington, North East - since 1998

This checklist is produced by Bondgate IT, a managed IT and cyber security provider based in Darlington. We have supported North East businesses with IT and security since 1998 and hold ISO 27001 certification, Cyber Essentials certification, and MSP 501 recognition.

We have worked with numerous North East SMEs through cyber insurance renewals and incidents, including being featured in the BBC documentary Cyber Siege: From Russia to Redcar, which examined the £10 million ransomware attack on Redcar and Cleveland Borough Council.

The checklist reflects what UK insurers are actually asking in 2026, based on renewal forms we have seen across a range of sectors and insurers in the North East and UK-wide.

47

Know your answers before your insurer asks

Free download. No commitment. Instant access to the full 47-question checklist.

Bondgate IT Services Ltd, Newham House, Dudley Road, Darlington, DL1 4GG  |  01325 369 950  |  bondgate.co.uk