Cyber insurance got stricter. We make sure you can honestly answer “yes.”

Renewal questionnaires now ask whether you have MFA everywhere, EDR on every device, tested isolated backups, and a written incident-response plan — and a wrong answer can void the policy when you need it most. Here’s plain English on what carriers actually require in 2026, how we put each control in place, and how we document it so you can answer the application truthfully and keep your coverage.

If a renewal questionnaire just landed on your desk…

The application is now an attestation — and it gets checked after a claim.

Cyber insurers used to take your word for it. In 2026 they want proof at renewal, and their forensic team re-checks it if you ever file a claim. If what they find doesn’t match what you signed, the carrier can deny — or unwind — the policy. The four controls below are the ones that decide most renewals. Here’s what each means, how we put it in place, and the evidence we hand you to back it up.

What underwriters require in 2026

The four controls that decide your renewal.

  • MFA everywhere — email, remote access, and every admin account. The #1 reason applications get declined.
  • EDR on every device — including servers — monitored 24/7. Antivirus alone no longer counts.
  • Immutable, tested backups — isolated so ransomware can’t encrypt them too, with a restore you’ve actually tested.
  • A written, tested incident-response plan — so you’d know the first hour cold, not improvise it.

Requirement → how we implement → how we document

For the practices we manage, we don’t just check the box — we build the proof.

This is the program we run for clients: we put each control in place and maintain the evidence behind it — the documentation an underwriter asks for, and that a forensic team would accept after a claim. Most IT shops can turn a control on; few produce the proof. That’s the difference.

MFA everywhere

What underwriters ask

Carriers now ask, line by line, whether multi-factor authentication is enforced on email, remote access (VPN/RDP), every admin account, and the backup console — on every account, not “most.” App-based or hardware MFA scores higher than text-message codes.

How we implement it

Microsoft Entra ID Conditional Access enforces app-based MFA (with number-matching) plus hardware keys for admins — across email, all cloud apps, remote access, and backup consoles. Legacy sign-in methods are blocked and there are no shared admin logins.

How we document it

A Conditional Access policy export plus a per-account coverage table — with shared mailboxes and service accounts accounted for and any exceptions documented and compensated — that you can hand your broker.

EDR on every endpoint — including servers

What underwriters ask

They want monitored endpoint detection & response (EDR/MDR) on all endpoints and servers, with 24/7 response — not the antivirus that came with the computers, and not a dashboard nobody watches at 2am.

How we implement it

Huntress Managed EDR runs on every workstation and server, backed by a 24/7 security operations center that triages threats and can isolate a compromised device. Identity-threat detection covers your Microsoft 365 sign-ins.

How we document it

A coverage report reconciling every device against our asset inventory (100%, servers included) plus confirmation of the 24/7 SOC monitoring behind it.
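The two evidence items above (the per-account MFA table with documented exceptions, and the device-by-device EDR reconciliation against the asset inventory) come down to the same exercise: join the control's state to the inventory and list what is not covered. The script below is an added illustration of that reconciliation, not the firm's own tooling; the inventory, agent roster, accounts and exception note are constructed sample data.

```python
from collections import Counter

# Constructed sample data for illustration only; not a real inventory.
INVENTORY = ["ws-01", "ws-02", "srv-01", "srv-02"]   # every device, servers included
EDR_AGENTS = {"ws-01", "ws-02", "srv-01"}             # constructed EDR agent roster

ACCOUNTS = [
    {"upn": "alice@example.test", "kind": "user", "mfa": "app"},
    {"upn": "bob@example.test", "kind": "user", "mfa": "sms"},
    {"upn": "admin@example.test", "kind": "admin", "mfa": "fido2"},
    {"upn": "frontdesk@example.test", "kind": "shared-mailbox", "mfa": None},
    {"upn": "svc-backup@example.test", "kind": "service", "mfa": None},
]
# An account without MFA is only acceptable with a documented compensating
# control; anything else shows up as a gap on the coverage table.
EXCEPTIONS = {"frontdesk@example.test": "interactive sign-in blocked; delegated access only"}
STRONG_METHODS = {"app", "fido2"}   # app-based or hardware MFA; SMS is rated weak


def reconcile_edr(inventory, agents):
    """Devices in inventory with no EDR agent, plus the resulting coverage percentage."""
    missing = sorted(d for d in inventory if d not in agents)
    percent = 100.0 * (len(inventory) - len(missing)) / len(inventory)
    return {"percent": percent, "missing": missing}


def reconcile_mfa(accounts, exceptions):
    """Per-account rows of (upn, kind, status, exception note) for the coverage table."""
    rows = []
    for a in accounts:
        if a["mfa"] in STRONG_METHODS:
            status = "strong"
        elif a["mfa"] == "sms":
            status = "weak"
        elif a["upn"] in exceptions:
            status = "exception"
        else:
            status = "gap"
        rows.append((a["upn"], a["kind"], status, exceptions.get(a["upn"], "")))
    return rows


def can_attest(edr, mfa_rows):
    """True only when every device has EDR and no account is a gap or on weak MFA."""
    statuses = Counter(r[2] for r in mfa_rows)
    return edr["percent"] == 100.0 and statuses["gap"] == 0 and statuses["weak"] == 0
```

With the constructed data the EDR report comes back at 75% with `srv-02` missing, and the MFA table flags `bob` (SMS only) and `svc-backup` (no MFA, no exception), so `can_attest` is False until those are fixed or documented.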

Immutable, tested backups

What underwriters ask

Two questions — and the second is where most offices fail: are backups isolated from the network or immutable, and what is the date of your last successful restore test?

How we implement it

Microsoft 365 is backed up independently, and critical data lands in immutable, object-locked storage that ransomware can’t alter or delete — even with stolen credentials. The backup console is MFA-protected and separate from day-to-day logins.

How we document it

The immutability configuration plus a dated restore-test log — what was restored, when, and how long it took — so “when did you last test a restore?” has a real answer.

A written — and tested — incident-response plan

What underwriters ask

A written plan isn’t enough anymore: carriers ask whether it has been exercised (a tabletop in the last 12 months) and whether it maps to your breach-notification obligations.

How we implement it

A plan written for your office — roles, containment, recovery, and the HIPAA / California CMIA notification clock — exercised with your team in an annual tabletop, with a named incident-response firm and breach counsel ready before you need them.

How we document it

The plan itself plus a dated tabletop record (scenario, who took part, what we found and fixed).

And the controls creeping onto 2026 applications — we cover and document these too:

  • Email filtering + DMARC / SPF / DKIM
  • Security-awareness training + phishing tests
  • Privileged access management (no standing admin)
  • Network segmentation
  • End-of-life software inventory
  • Patch & vulnerability management
  • Disk encryption (BitLocker)

Not sure where you stand?

Run the free 9-point check.

See in two minutes which controls you’d have in place today — and exactly which gaps would get you declined or surcharged — before you fill out the application.

The point of all this

So you can answer the application honestly — and show your work.

When we run your environment, the answers on your renewal questionnaire are true, and we can produce the evidence behind every one. That’s the whole goal: no dread, no guessing, no signing an attestation you can’t back up.

We supply the technical facts; you sign the application. We document the controls we manage for you, as of a stated date. You — together with your licensed insurance broker and carrier — review, complete, and sign your insurance application, and you own the accuracy of every answer in it. We don’t fill out, certify, or sign insurance applications for anyone.

Important — Simon Says Systems is not an insurance broker, agent, or producer.

Simon Says Systems (SSS) is an information-technology and security services provider. SSS is not a licensed insurance broker, agent, producer, or adviser, and nothing on this page or in any report, checklist, or assessment SSS provides is insurance advice, a recommendation to buy, place, or change any insurance, or an offer or solicitation of insurance.

SSS does not sell, solicit, negotiate, place, recommend, or advise on insurance, insurance coverage, policy limits, carriers, or premiums. All decisions about whether to obtain cyber or any other insurance, what coverage and limits to buy, and which carrier or broker to use are made solely by you in consultation with your own licensed insurance broker, agent, or carrier.

Implementing security controls — such as multi-factor authentication, endpoint detection and response, tested backups, and a written incident-response plan — can strengthen your overall security posture and may be relevant to how insurers evaluate risk. However, SSS does not guarantee, warrant, or represent that you will qualify for insurance, that any application will be approved, that any particular premium or terms will be offered, or that any claim will be covered or paid. Insurability, underwriting, pricing, and claim decisions are made entirely by insurers under the terms of your policy.

You are responsible for all answers and attestations on any insurance application or questionnaire. SSS can supply technical facts and documentation about the IT and security controls SSS manages or observes for you. You, together with your licensed broker and carrier, are solely responsible for reviewing, completing, signing, and submitting your insurance application, and for the accuracy and completeness of every answer and representation in it. SSS does not complete, sign, certify, or warrant insurance applications, questionnaires, or attestations on your behalf. Any documentation SSS provides describes specific controls as of a stated date and is not a certification of compliance with any insurer’s requirements.

This page is general information, not legal, insurance, or compliance advice for your specific situation. Consult your own licensed advisers before making any insurance decision.

Going into renewal? Let’s make sure you can answer yes.

Book a free cyber-insurance readiness review. We’ll check your setup against what carriers require for 2026, close any gaps, and give you the documentation underwriters ask for — no obligation, and we never ask for patient or client information.

Book a free cyber-insurance readiness review, or call 951-717-3576.