# Bondgate IT Services Limited

> Your business can rely on our support.

Language: en
URL: https://www.bondgate.co.uk/

All pages on this site are available as clean Markdown by adding the header `Accept: text/markdown` to any HTTP request.

REST API: https://www.bondgate.co.uk/wp-json/mescio-for-agents/v1/markdown?url={page_url}

## Pages

- [Ransomware Recovery Services – Wallsend](https://www.bondgate.co.uk/ransomware-recovery-services-wallsend/): Ransomware Recovery Services - Wallsend Fast, expert ransomware recovery to get your Wallsend business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Wynyard](https://www.bondgate.co.uk/ransomware-recovery-services-wynyard/): Ransomware Recovery Services - Wynyard Fast, expert ransomware recovery to get your Wynyard business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Hartburn](https://www.bondgate.co.uk/ransomware-recovery-services-hartburn/): Ransomware Recovery Services - Hartburn Fast, expert ransomware recovery to get your Hartburn business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Eaglescliffe](https://www.bondgate.co.uk/ransomware-recovery-services-eaglescliffe/): Ransomware Recovery Services - Eaglescliffe Fast, expert ransomware recovery to get your Eaglescliffe business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware?
Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Shildon](https://www.bondgate.co.uk/ransomware-recovery-services-shildon/): Ransomware Recovery Services - Shildon Fast, expert ransomware recovery to get your Shildon business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Ferryhill](https://www.bondgate.co.uk/ransomware-recovery-services-ferryhill/): Ransomware Recovery Services - Ferryhill Fast, expert ransomware recovery to get your Ferryhill business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Crook](https://www.bondgate.co.uk/ransomware-recovery-services-crook/): Ransomware Recovery Services - Crook Fast, expert ransomware recovery to get your Crook business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Catterick Garrison](https://www.bondgate.co.uk/ransomware-recovery-services-catterick-garrison/): Ransomware Recovery Services - Catterick Garrison Fast, expert ransomware recovery to get your Catterick Garrison business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of
- [Ransomware Recovery Services – Richmond](https://www.bondgate.co.uk/ransomware-recovery-services-richmond/): Ransomware Recovery Services - Richmond Fast, expert ransomware recovery to get your Richmond business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware?
Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Northallerton](https://www.bondgate.co.uk/ransomware-recovery-services-northallerton/): Ransomware Recovery Services - Northallerton Fast, expert ransomware recovery to get your Northallerton business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Spennymoor](https://www.bondgate.co.uk/ransomware-recovery-services-spennymoor/): Ransomware Recovery Services - Spennymoor Fast, expert ransomware recovery to get your Spennymoor business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Yarm](https://www.bondgate.co.uk/ransomware-recovery-services-yarm/): Ransomware Recovery Services - Yarm Fast, expert ransomware recovery to get your Yarm business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Billingham](https://www.bondgate.co.uk/ransomware-recovery-services-billingham/): Ransomware Recovery Services - Billingham Fast, expert ransomware recovery to get your Billingham business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Thornaby](https://www.bondgate.co.uk/ransomware-recovery-services-thornaby/): Ransomware Recovery Services - Thornaby Fast, expert ransomware recovery to get your Thornaby business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware?
Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Chester-le-Street](https://www.bondgate.co.uk/ransomware-recovery-services-chester-le-street/): Ransomware Recovery Services - Chester-le-Street Fast, expert ransomware recovery to get your Chester-le-Street business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Seaham](https://www.bondgate.co.uk/ransomware-recovery-services-seaham/): Ransomware Recovery Services - Seaham Fast, expert ransomware recovery to get your Seaham business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Peterlee](https://www.bondgate.co.uk/ransomware-recovery-services-peterlee/): Ransomware Recovery Services - Peterlee Fast, expert ransomware recovery to get your Peterlee business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Guisborough](https://www.bondgate.co.uk/ransomware-recovery-services-guisborough/): Ransomware Recovery Services - Guisborough Fast, expert ransomware recovery to get your Guisborough business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Sedgefield](https://www.bondgate.co.uk/ransomware-recovery-services-sedgefield/): Ransomware Recovery Services - Sedgefield Fast, expert ransomware recovery to get your Sedgefield business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware?
Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Bedale](https://www.bondgate.co.uk/ransomware-recovery-services-bedale/): Ransomware Recovery Services - Bedale Fast, expert ransomware recovery to get your Bedale business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Leyburn](https://www.bondgate.co.uk/ransomware-recovery-services-leyburn/): Ransomware Recovery Services - Leyburn Fast, expert ransomware recovery to get your Leyburn business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Morpeth](https://www.bondgate.co.uk/ransomware-recovery-services-morpeth/): Ransomware Recovery Services - Morpeth Fast, expert ransomware recovery to get your Morpeth business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Berwick-upon-Tweed](https://www.bondgate.co.uk/ransomware-recovery-services-berwick-upon-tweed/): Ransomware Recovery Services - Berwick-upon-Tweed Fast, expert ransomware recovery to get your Berwick-upon-Tweed business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Ashington](https://www.bondgate.co.uk/ransomware-recovery-services-ashington/): Ransomware Recovery Services - Ashington Fast, expert ransomware recovery to get your Ashington business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware?
Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Blyth](https://www.bondgate.co.uk/ransomware-recovery-services-blyth/): Ransomware Recovery Services - Blyth Fast, expert ransomware recovery to get your Blyth business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Cramlington](https://www.bondgate.co.uk/ransomware-recovery-services-cramlington/): Ransomware Recovery Services - Cramlington Fast, expert ransomware recovery to get your Cramlington business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Whitley Bay](https://www.bondgate.co.uk/ransomware-recovery-services-whitley-bay/): Ransomware Recovery Services - Whitley Bay Fast, expert ransomware recovery to get your Whitley Bay business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of
- [Ransomware Recovery Services – South Shields](https://www.bondgate.co.uk/ransomware-recovery-services-south-shields/): Ransomware Recovery Services - South Shields Fast, expert ransomware recovery to get your South Shields business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of
- [Ransomware Recovery Services – Jarrow](https://www.bondgate.co.uk/ransomware-recovery-services-jarrow/): Ransomware Recovery Services - Jarrow Fast, expert ransomware recovery to get your Jarrow business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware?
Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Alnwick](https://www.bondgate.co.uk/ransomware-recovery-services-alnwick/): Ransomware Recovery Services - Alnwick Fast, expert ransomware recovery to get your Alnwick business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Hexham](https://www.bondgate.co.uk/ransomware-recovery-services-hexham/): Ransomware Recovery Services - Hexham Fast, expert ransomware recovery to get your Hexham business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Knaresborough](https://www.bondgate.co.uk/ransomware-recovery-services-knaresborough/): Ransomware Recovery Services - Knaresborough Fast, expert ransomware recovery to get your Knaresborough business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Harrogate](https://www.bondgate.co.uk/ransomware-recovery-services-harrogate/): Ransomware Recovery Services - Harrogate Fast, expert ransomware recovery to get your Harrogate business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Ripon](https://www.bondgate.co.uk/ransomware-recovery-services-ripon/): Ransomware Recovery Services - Ripon Fast, expert ransomware recovery to get your Ripon business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware?
Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Houghton-le-Spring](https://www.bondgate.co.uk/ransomware-recovery-services-houghton-le-spring/): Ransomware Recovery Services - Houghton-le-Spring Fast, expert ransomware recovery to get your Houghton-le-Spring business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Washington](https://www.bondgate.co.uk/ransomware-recovery-services-washington/): Ransomware Recovery Services - Washington Fast, expert ransomware recovery to get your Washington business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Sunderland](https://www.bondgate.co.uk/ransomware-recovery-services-sunderland/): Ransomware Recovery Services - Sunderland Fast, expert ransomware recovery to get your Sunderland business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Gateshead](https://www.bondgate.co.uk/ransomware-recovery-services-gateshead/): Ransomware Recovery Services - Gateshead Fast, expert ransomware recovery to get your Gateshead business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of software that
- [Ransomware Recovery Services – Newcastle upon Tyne](https://www.bondgate.co.uk/ransomware-recovery-services-newcastle-upon-tyne/): Ransomware Recovery Services - Newcastle upon Tyne Fast, expert ransomware recovery to get your Newcastle upon Tyne business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware?
Ransomware is a nasty
- [Ransomware Recovery Services – Barnard Castle](https://www.bondgate.co.uk/ransomware-recovery-services-barnard-castle/): Ransomware Recovery Services - Barnard Castle Fast, expert ransomware recovery to get your Barnard Castle business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of
- [Ransomware Recovery Services – Bishop Auckland](https://www.bondgate.co.uk/ransomware-recovery-services-bishop-auckland/): Ransomware Recovery Services - Bishop Auckland Fast, expert ransomware recovery to get your Bishop Auckland business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of
- [Ransomware Recovery Services – Newton Aycliffe](https://www.bondgate.co.uk/ransomware-recovery-services-newton-aycliffe/): Ransomware Recovery Services - Newton Aycliffe Fast, expert ransomware recovery to get your Newton Aycliffe business back online securely What is Ransomware? Our Recovery Process Why Choose Us Prevention Tips FAQ What is Ransomware? Ransomware is a nasty piece of
- [Managed IT Support Sunderland](https://www.bondgate.co.uk/managed-it-support-sunderland/): Managed IT Support Sunderland Flexible managed IT support – supporting your Sunderland IT infrastructure and managing your technology investment. Your business can rely on our support. IT Support Sunderland Flexible IT support and management – supporting your IT infrastructure and
- [Managed IT Support Gateshead](https://www.bondgate.co.uk/managed-it-support-gateshead/): Managed IT Support Gateshead Flexible managed IT support – supporting your Gateshead IT infrastructure and managing your technology investment. Your business can rely on our support.
IT Support Gateshead Flexible IT support and management – supporting your IT infrastructure and
- [Managed IT Support Newcastle upon Tyne](https://www.bondgate.co.uk/managed-it-support-newcastle-upon-tyne/): Managed IT Support Newcastle upon Tyne Flexible managed IT support – supporting your Newcastle upon Tyne IT infrastructure and managing your technology investment. Your business can rely on our support. IT Support Newcastle upon Tyne Flexible IT support and management
- [Managed IT Support Hexham](https://www.bondgate.co.uk/managed-it-support-hexham/): Managed IT Support Hexham Flexible managed IT support – supporting your Hexham IT infrastructure and managing your technology investment. Your business can rely on our support. IT Support Hexham Flexible IT support and management – supporting your IT infrastructure and
- [Managed IT Support Alnwick](https://www.bondgate.co.uk/managed-it-support-alnwick/): Managed IT Support Alnwick Flexible managed IT support – supporting your Alnwick IT infrastructure and managing your technology investment. Your business can rely on our support. IT Support Alnwick Flexible IT support and management – supporting your IT infrastructure and
- [Managed IT Support Morpeth](https://www.bondgate.co.uk/managed-it-support-morpeth/): Managed IT Support Morpeth Flexible managed IT support – supporting your Morpeth IT infrastructure and managing your technology investment. Your business can rely on our support. IT Support Morpeth Flexible IT support and management – supporting your IT infrastructure and
- [Managed IT Support Berwick-upon-Tweed](https://www.bondgate.co.uk/managed-it-support-berwick-upon-tweed/): Managed IT Support Berwick-upon-Tweed Flexible managed IT support – supporting your Berwick-upon-Tweed IT infrastructure and managing your technology investment. Your business can rely on our support.
IT Support Berwick-upon-Tweed Flexible IT support and management – supporting your IT infrastructure and
- [Managed IT Support Ashington](https://www.bondgate.co.uk/managed-it-support-ashington/): Managed IT Support Ashington Flexible managed IT support – supporting your Ashington IT infrastructure and managing your technology investment. Your business can rely on our support. IT Support Ashington Flexible IT support and management – supporting your IT infrastructure and

## Blog Posts

- [Cyber Insurance Renewal Checklist](https://www.bondgate.co.uk/cybersecurity/cyber-insurance-renewal/) (2026-05-14): 47 questions every SME should answer before cyber insurance renewal. Identify gaps in MFA, backups, EDR and compliance before your renewal form arrives.
- [Why Bondgate IT Doesn’t Run Its Own SOC](https://www.bondgate.co.uk/cybersecurity/why-bondgate-it-doesnt-run-own-soc/) (2026-05-06): We could build a Security Operations Centre. We've chosen not to. Here's why structural independence between your MSP and your SOC protects your business better than the alternative, and why "we own everything end-to-end" is starting to look less like a strength and more like a conflict of interest.
- [DSPT 2025/26](https://www.bondgate.co.uk/compliance/dspt-2025-26-guide/) (2026-05-05): Most organisations do not ignore DSPT. It sits on the list, gets discussed, and there is usually a broad expectation that it will get done. Then June arrives and the tone changes. Questions start surfacing that no one can answer quickly. Where is the training evidence? Who last reviewed access permissions? Has anyone checked whether your suppliers meet the required standard? At that point, the issue is whether the organisation can stand behind what it believes is in place. That gap between belief and proof is where pressure builds and where risk sits.
- [Cyber Essentials v3.3: What Darlington and North East SMEs Need to Do Before 27 April 2026](https://www.bondgate.co.uk/cybersecurity/cyber-essentials/cyber-essentials-v3-3-darlington-north-east/) (2026-04-23): If you run an SME in Darlington, Tees Valley or the wider North East, Cyber Essentials v3.3 is not just another minor update. From 27 April 2026, the standard becomes clearer and stricter around cloud services, end-user devices, MFA, patching and supported software. Published: 27 April 2026 | By Bondgate IT
- [Cyber Security Is No Longer Optional: What UK SMEs Need to Focus on Now](https://www.bondgate.co.uk/cybersecurity/cyber-security-is-no-longer-optional/) (2026-03-30): Cyber security for SMEs in the UK is no longer a background IT concern. It is an operational issue that sits with leadership. Many businesses believe they are protected because they have antivirus, firewalls, and backups in place. Yet attacks continue to land, not because tools fail, but because control, visibility, and ownership are unclear.
- [Cyber Essentials v3.3: Why Cyber Security Is Now a Board Responsibility](https://www.bondgate.co.uk/cybersecurity/cyber-essentials-v3-3-board-accountability/) (2026-03-04): From 28 April 2026, Cyber Essentials v3.3 requires a director or board-level representative to confirm that the organisation will maintain compliance with Cyber Essentials controls throughout the certification period. This change shifts Cyber Essentials from a technical checklist to a governance responsibility. Leadership must now ensure scope is defined, access is controlled, updates are maintained, and compliance does not drift between renewals. For SMEs, this means cyber security is no longer delegated solely to IT. It becomes a board-level accountability issue linked to operational risk, regulatory exposure, supply chain credibility, and insurance expectations.
Organisations preparing for 2026 certification should focus on ownership, scope clarity, privileged access review, and establishing a structured compliance rhythm.
- [The human factor in cyber security, with Dan Gardner from Bondgate IT](https://www.bondgate.co.uk/cybersecurity/the-human-factor-in-msp-security-with-dan-gardner-from-bondgate-it/) (2026-02-18): Stop treating staff as the weak link. Learn how Bondgate IT uses education, relevance, and trust to cut phishing risk and improve reporting culture.
- [New Financial Year Planning: Why Your IT Roadmap Matters More Than Ever](https://www.bondgate.co.uk/business/new-financial-year-it-roadmap-planning/) (2026-02-10): As April approaches, leadership teams across the UK are entering a familiar planning cycle. Budgets are being refined, forecasts reviewed, and difficult trade-offs discussed. Growth targets are set alongside cost pressures, recruitment plans, and rising expectations around security and resilience.
- [Damien Harrison Elected to GTIA UK & Ireland Executive Council](https://www.bondgate.co.uk/pr/damien-harrison-elected-gtia-uk-ireland-executive-council-2026/) (2026-01-26): Bondgate IT has announced that Damien Harrison has been elected to the 2026 GTIA UK & Ireland Executive Council, representing the UK & Ireland community and contributing real-world insight to peer-led industry leadership.
- [Responsible AI Adoption for UK Businesses Starts With Cyber Security](https://www.bondgate.co.uk/ai/responsible-ai-adoption-uk-businesses/) (2025-12-19): Responsible AI adoption for UK businesses requires strong cyber security, ethical governance, and leadership accountability. This guide explains how organisations can adopt AI safely using a crawl, walk, run framework, and why Bondgate IT’s approach has been recognised as MSP with the Best Use of AI.
- [Marketing Campaign of the Year. Recognition for leadership, not noise.](https://www.bondgate.co.uk/business/award-winning/cyber-security-leadership-uk-award/) (2025-12-19): Cyber security leadership in the UK is becoming a board-level responsibility. This award recognises how Bondgate IT, NEBRC Cyber Expert Garry Brown, and the wider team are leading that conversation nationally.
- [AI Governance for UK Organisations: Why Your Staff Are Already Using AI and What To Do About It](https://www.bondgate.co.uk/ai/ai-governance-for-uk-organisations-why-your-staff-are-already-using-ai-and-what-to-do-about-it/) (2025-11-28): This article explains why AI governance for UK organisations has become essential and how leaders can put the right controls in place without slowing their teams down. Most UK organisations think they are not using AI yet. In reality, staff already rely on tools like ChatGPT and Copilot without approval. This guide explains how to bring that use under control with clear AI governance, practical policies and Bondgate IT’s proven Crawl, Walk, Run approach.
- [Bondgate IT Named Pax8 Beyond 2025 Peak Performance Cyber Security Partner](https://www.bondgate.co.uk/business/award-winning/bondgate-it-wins-pax8-beyond-2025-peak-performance-cyber-security-award/) (2025-10-10): Bondgate IT has been named the Pax8 Beyond 2025 Peak Performance – Cyber Security Partner, recognising the company’s leadership in delivering multi-layered, governance-driven cyber protection across the UK. The award highlights Bondgate IT’s ongoing commitment to raising awareness of cyber resilience — from its partnership with Pax8 to its national recognition through the BBC.
- [Bondgate IT and Damien Harrison shortlisted at CyberNorth Awards 2025 | #CyberFest](https://www.bondgate.co.uk/cybersecurity/bondgate-it-and-damien-harrison-shortlisted-at-cybernorth-awards-2025-cyberfest/) (2025-10-06): Bondgate IT and Damien Harrison shortlisted for the CyberNorth Awards 2025.
Damien is up for Rising Star, and Bondgate IT is in the running for Business or Cyber Team of the Year at #CyberFest on 22 October. Read how Tees Valley talent is shaping cyber resilience across the North East.
- [Collins Aerospace Cyberattack: How One Software Outage Ground Europe’s Airports to a Halt](https://www.bondgate.co.uk/cybersecurity/collins-aerospace-cyberattack-supply-chain-risk/) (2025-09-22): On 20 September 2025, the Collins Aerospace cyberattack brought Europe’s airports to a standstill. From Heathrow to Berlin, check-in desks froze. Baggage systems failed. Passengers queued for hours as flights were cancelled by the hundreds. Brussels Airport even instructed airlines to abandon half of all scheduled departures. This wasn’t just an IT glitch. The Collins Aerospace cyberattack exposed the fragility of digital supply chains, a wake-up call for every business that relies on third-party systems.
- [The Final Countdown: Are You Ready for the End of Windows 10 Support?](https://www.bondgate.co.uk/microsoft/windows/windows-10-end-of-support-countdown/) (2025-09-05): On 14th October 2025, Microsoft will end all support for Windows 10. That means no more security updates, no more patches, and no more official help. For SMEs in the North East, this isn’t just an IT milestone — it’s a business-critical deadline. Live countdown to Windows 10 end of support:
- [What Is GRC? A Practical Guide to Governance, Risk, and Compliance](https://www.bondgate.co.uk/compliance/grc-framework-smes-regulated-industries/) (2025-09-05): If you’re unsure what Governance, Risk, and Compliance (GRC) means for your business, this guide breaks it down. From governance and risk management to compliance with GDPR, ISO 27001, and PART-IS, we explain why GRC matters for UK SMEs in regulated sectors. Read how Bondgate IT can help.
- [Why OEMs Now Demand TISAX, VISAR & ISO 27001, And What UK Dealerships Must Do Next](https://www.bondgate.co.uk/compliance/tisax-for-dealerships-visar-iso27001/) (2025-09-02): Cybersecurity frameworks like TISAX, VISAR, and ISO 27001 are now required by OEMs including Volkswagen and Mercedes. This post explains what they mean for UK dealerships and how to prepare.
- [Smart & Safe AI Policies to Use at Work](https://www.bondgate.co.uk/compliance/smart-safe-ai-policies-to-use-at-work/) (2025-08-19): AI tools are transforming business operations, but without a clear usage policy, they also introduce risk. This guide explains how to create a responsible AI usage policy that supports compliance, protects sensitive data, and empowers your team to use AI safely. Learn what to include, how to implement it, and how Bondgate can help you govern tools like ChatGPT and Copilot responsibly.
- [6 NEW Outlook Tips & Tricks for 2025 That Save Hours](https://www.bondgate.co.uk/microsoft/6-new-outlook-tips-tricks-for-2025-that-save-hours/) (2025-08-14): The New Outlook 2025 is here, and it’s more than just a fresh look. From smarter search and pinned emails to My Day and easy app integrations, these six powerful features can help you save time, stay organised, and boost productivity. Discover how they work, and how Bondgate IT can help you get the most from Microsoft 365.
- [The DSPT Deadline Has Passed: A Retrospective on Why Year-Round Cyber Resilience is Key](https://www.bondgate.co.uk/compliance/dspt-compliance-deadline-2025-cyber-resilience-healthcare/) (2025-07-30): As of July 30th, 2025, the clock has ticked past the DSPT compliance deadline. If you're in health, social care, or the non-profit sector, you know it's like running a marathon every June, juggling forms, chasing signatures, and ticking boxes.
- [Windows 10 End of Support: What Businesses Need to Do Before October 14, 2025](https://www.bondgate.co.uk/microsoft/windows/windows-10-end-of-life-what-it-means-for-your-business-and-what-to-do-now/) (2025-07-24): Microsoft has confirmed that Windows 10 will reach end of support on 14 October 2025. If your organisation is still relying on Windows 10, now is the time to take action. After this date, Microsoft will no longer provide security updates, bug fixes, or technical support. That means your systems could be exposed to significant risk—without the protection or updates needed to stay secure and compliant.
- [Bondgate IT Ranked Among World’s Top Managed Service Providers in 2025 MSP 501](https://www.bondgate.co.uk/business/award-winning/bondgate-it-msp-501-2025-top-ranked-north-east-uk/) (2025-07-21): Bondgate IT ranks #1 in the North East and among the top Managed Service Providers globally in the 2025 MSP 501 by Channel Futures. Recognised for excellence in IT support, cybersecurity, and business-aligned technology services, Bondgate continues to set the standard for SMEs across Darlington, Tees Valley, and beyond.
- [Why Xero, Google & Microsoft Don’t Fully Back Up Your Cloud Data](https://www.bondgate.co.uk/business-continuity/cloud-backup-for-xero-google-microsoft/) (2025-07-08): Think Xero or Google automatically backs up your cloud data? They don’t. Learn the real risks, what backup protection actually looks like, and how to fix it.
- [Award-Winning IT Support in the North East | Bondgate IT](https://www.bondgate.co.uk/business/award-winning/award-winning-it-support-north-east/) (2025-07-02): We’re proud to announce Bondgate IT has been recognised as Runner-Up for MSP/Service Provider of the Year at the 2025 GTIA Spotlight Awards. With over 2,000 members in the GTIA community, this national recognition is a huge win for our team, and for the entire North East tech community we proudly represent.
- [How Much Could IT Downtime Really Cost Your Business?](https://www.bondgate.co.uk/business-continuity/how-much-could-it-downtime-really-cost-your-business/) (2025-06-05): Spoiler: It’s probably more than you think. IT outages are rarely just a tech issue. When your systems go down, it hits productivity, delays client work, damages trust, and if you're not prepared can wipe out thousands of pounds in
- [Cybersecurity for SMEs: Garry Brown, Bondgate IT, and the NEBRC](https://www.bondgate.co.uk/cybersecurity/cybersecurity-for-smes-garry-brown-bondgate-it-and-the-nebrc/) (2025-06-02): Bondgate IT and Managing Director Garry Brown are working with the North East Business Resilience Centre (NEBRC) to provide practical cybersecurity support for SMEs across the North East, Yorkshire, and The Humber. Learn how this partnership is protecting local businesses from rising cyber threats.
- [Bondgate IT Recognised as One of the UK’s Top Cybersecurity Companies](https://www.bondgate.co.uk/cybersecurity/top-uk-cybersecurity-company/) (2025-05-22): Bondgate IT has been named one of the UK’s top cybersecurity companies by DesignRush. Learn how our strategic, embedded approach to cybersecurity is helping businesses stay secure, scalable, and resilient in an age of digital threats.
- [Why Cyberattacks on UK Retailers Are Rising and How to Respond](https://www.bondgate.co.uk/cybersecurity/uk-retail-cyberattacks-response-plan/) (2025-05-21): UK retailers are facing a sharp rise in cyberattacks, from phishing to ransomware. Garry Brown of Bondgate IT shares what business owners need to know and do now to protect their teams, data, and operations.
- [Bondgate Cyber Security? Why the BBC Got Our Name Wrong, and What You Should Know About Bondgate IT](https://www.bondgate.co.uk/cybersecurity/bondgate-cyber-security/bondgate-cyber-security-why-the-bbc-got-our-name-wrong-and-what-you-should-know-about-bondgate-it/) (2025-05-20): After a BBC feature mistakenly called us “Bondgate Cyber Security,” we’re setting the record straight. Learn what Bondgate IT actually does, and how to choose the right tech partner.
- [What UK Businesses Can Learn from Cyber Siege: From Russia to Redcar and the £10 Million Ransomware Attack](https://www.bondgate.co.uk/cybersecurity/what-uk-businesses-can-learn-from-redcars-10-million-ransomware-attack/) (2025-05-19): What UK Businesses Can Learn from Cyber Siege: From Russia to Redcar and the £10 Million Ransomware Attack Published by Bondgate IT | May 2025 As featured in the BBC’s Cyber Siege: From Russia to Redcar Cyber Siege: From Russia
- [Aviation Cybersecurity Awareness: EASA Part-IS Training](https://www.bondgate.co.uk/uncategorized/cybersecurity-awareness-aviation-defence/) (2025-05-19): Technology alone isn't enough: your staff are your frontline defence in aviation cybersecurity. This article details common threats targeting employees, explains EASA Part-IS awareness training requirements, and offers practical methods to build a vigilant, security-aware culture within your aviation organisation.
- [Cyber Security for SMEs: From the Boardroom to the Frontline](https://www.bondgate.co.uk/cybersecurity/cyber-security-for-smes-from-the-boardroom-to-the-frontline/) (2025-05-15): Cyber Security for SMEs: From the Boardroom to the Frontline Are you confident your SME could recover from a cyber attack? Do your staff know how to recognise phishing emails or secure business data? Small and medium-sized enterprises (SMEs) are
- [Aviation Supply Chain Cyber Risk: EASA Part-IS Management](https://www.bondgate.co.uk/uncategorized/supply-chain-cyber-risk-aviation-manage/) (2025-05-12): Uncover the hidden cyber risks within your aviation supply chain. This article defines supply chain cyber risk, explains EASA Part-IS requirements for third-party security, and provides actionable strategies for managing vendor vulnerabilities and ensuring broader operational safety.
- [🔒 Cybersecurity Best Practices for Law Firms](https://www.bondgate.co.uk/cybersecurity/cybersecurity-best-practices-for-law-firms/) (2025-05-07): The recent cybersecurity incident involving the UK's Legal Aid Agency (LAA) has underscored the critical importance of robust cybersecurity measures within the legal sector. The LAA, responsible for managing legal aid services across England and Wales, reported a security breach where it's possible that payment information related to legal aid providers may have been accessed by unauthorised parties.
- [🖥️ Game Over for Windows 10: Are You Ready to Level Up?](https://www.bondgate.co.uk/microsoft/game-over-for-windows-10-are-you-ready-to-level-up/) (2025-04-29): Windows 10 support ends 14 October 2025. Bondgate IT helps Tees Valley businesses upgrade to Windows 11 with up to £400 cashback per device. Act early and stay secure.
- [Cyber Essentials 2025: What the New Changes Mean for Your Business](https://www.bondgate.co.uk/cybersecurity/cyber-essentials/cyber-essentials-2025-what-the-new-changes-mean-for-your-business/) (2025-04-22): Cyber Essentials version 3.2 comes into force on 28 April 2025. If you’re an SME in the North East, you’ll need to meet new requirements around MFA, cloud configuration, remote working and software control. Learn what’s changing and how Bondgate IT can help you stay compliant.
- [Is Your Law Firm’s IT Costing You More Than You Think? 5 Red Flags Legal Firms in the North East Can’t Afford to Ignore](https://www.bondgate.co.uk/it-management/is-your-law-firms-it-costing-you-more-than-you-think-5-red-flags-legal-firms-in-the-north-east-cant-afford-to-ignore/) (2025-04-22): Many law firms in the North East unknowingly suffer from slow systems, unpredictable IT costs, and compliance risks. Discover 5 warning signs your firm may need better managed IT support and how Bondgate IT can help.
- [The Hidden Risk: Why Many IT Providers Can’t Help You with Part-IS](https://www.bondgate.co.uk/compliance/the-hidden-risk-why-many-it-providers-cant-help-you-with-part-is/) (2025-04-14): Your IT provider may not be equipped for EASA Part-IS compliance. This article exposes the gap between general IT support and specialised aviation cybersecurity, outlining key questions to ask and when to seek a dedicated compliance expert or vCISO.
- [From Zero Day to Business Resilience: Why SMEs Need Robust Continuity Plans](https://www.bondgate.co.uk/business-continuity/from-zero-day-to-business-resilience-why-smes-need-robust-continuity-plans/) (2025-04-10): Netflix’s Zero Day paints a terrifying picture of cyber catastrophe—but real-world threats to SMEs are very real. Learn why a robust continuity plan is essential and how Bondgate IT can protect your business.
- [Navigating the Transition: A Guide for North East Businesses to the Windows 10 End of Life](https://www.bondgate.co.uk/microsoft/navigating-the-transition-a-guide-for-north-east-businesses-to-the-windows-10-end-of-life/) (2025-03-25): Ensure a smooth transition from Windows 10 end of life by planning early, creating a detailed plan, communicating effectively, testing thoroughly, backing up data, and seeking expert help.
- [The 5 Symptoms of Bad IT That Are Plaguing Your Business](https://www.bondgate.co.uk/it-management/the-5-symptoms-of-bad-it-that-are-plaguing-your-business/) (2025-03-17): Just like ignoring health issues can harm your well-being, neglecting IT problems can slow down your business. Bondgate IT identifies the 5 common symptoms of bad IT, from slow response times to costly "Band-Aid" fixes. Book your IT check-up at https://www.bondgate.co.uk/ithealthcheck and let us prescribe the right solutions to get your technology running smoothly again. We're here to be your trusted technology partner, ensuring your IT supports your business goals.
- [Cyber Essentials vs ISO 27001 vs EASA Part-IS: What’s the Difference?](https://www.bondgate.co.uk/compliance/cyber-essentials-vs-iso-27001-vs-easa-part-is/) (2025-03-11): Understand the differences between Cyber Essentials, ISO 27001, and EASA Part-IS. See how they align, what they cover, and which one your aviation business really needs.
- [Strengthen Your Cyber Defences: Mitigating Human Risk with Bondgate IT](https://www.bondgate.co.uk/cybersecurity/strengthen-your-cyber-defences-mitigating-human-risk-with-bondgate-it/) (2025-02-07): Reduce your risk of data breaches and financial losses with Bondgate IT's Human Risk Management. We empower your employees with the knowledge and skills to combat evolving cyber threats. Free Human Risk Assessment available. Contact us today!
- [How to Build an ISMS for EASA Part-IS Compliance](https://www.bondgate.co.uk/compliance/build-isms-easa-part-is/) (2025-01-17): Learn how aviation SMEs can build an effective, manageable ISMS for EASA Part-IS compliance without unnecessary complexity or cost. Start with smart, scalable steps.
- [What Is EASA Part-IS – And Why It’s a Game-Changer for Aviation SMEs](https://www.bondgate.co.uk/compliance/easa-part-is-aviation-smes-overview/) (2025-01-07): This article will break down EASA Part-IS into straightforward terms, clarify who needs to comply, explain why it was introduced, and show you how it will impact your daily operations. You’ll learn the key requirements and discover the tangible benefits of achieving compliance. By the end, you’ll have a clear understanding of your first steps towards meeting these vital new standards. This article is for any aviation SME owner, operator, or compliance manager feeling confused or concerned about the implications of EASA Part-IS.
- [Peace of Mind for Tees Valley Business Directors: Your Essential Guide to Business Continuity and Disaster Recovery](https://www.bondgate.co.uk/business-continuity/peace-of-mind-for-tees-valley-business-directors-your-essential-guide-to-business-continuity-and-disaster-recovery/) (2025-01-06): As Business Directors, we're responsible for keeping our businesses financially healthy. But what happens when the unexpected hits? A cyberattack, a flood, a major IT outage – these events can cause chaos and financial strain. Business Continuity and Disaster Recovery (BCDR) is a plan that outlines how your business will continue operating during and after a major disruption. Bondgate IT can help you develop a robust, tailored BCDR plan.
- [Ring in 2025 with Tech Confidence: Your IT Guide for Success in Darlington](https://www.bondgate.co.uk/business/ring-in-2025-with-tech-confidence-your-it-guide-for-success-in-darlington/) (2025-01-01): Is your business ready for the tech challenges of 2025? Explore five essential IT resolutions to enhance productivity, fortify cybersecurity, and ensure business continuity in Darlington and Tees Valley.
- [Essential Cyber Hygiene Tips for 2025: Protecting Your Digital Life](https://www.bondgate.co.uk/cybersecurity/essential-cyber-hygiene-tips-for-2025-protecting-your-digital-life/) (2024-12-18): Cyber hygiene is a core part of a robust cybersecurity strategy. As Garry Brown, Managing Director of Bondgate IT and Cyber Expert for the NEBRC, puts it, 'It should be as second nature as locking your door at night - a regular, essential part of your every day.' Discover essential tips to make cyber hygiene a habit, from strengthening your passwords to recognising phishing scams. Empower yourself and your family with the knowledge to keep your data secure in 2025!
- [AI-Powered Scams: How to Stay Safe Online This Christmas](https://www.bondgate.co.uk/cybersecurity/ai-powered-scams-how-to-stay-safe-online-this-christmas/) (2024-11-26): During the 2023 Christmas period, shoppers in the UK lost over £11.5 million to online scams, a considerable jump from the £10.6 million lost between November 2022 and January 2023. Shoppers in Tees Valley need to be particularly vigilant, as social media is a hotbed for these scams. In 2022, over half (51%) of reported fraud cases involved social media platforms.

---

# Full Content

---
title: "Cyber Insurance Renewal Checklist"
url: "https://www.bondgate.co.uk/cybersecurity/cyber-insurance-renewal/"
lang: "en-GB"
type: "post"
description: "47 questions every SME should answer before cyber insurance renewal. Identify gaps in MFA, backups, EDR and compliance before your renewal form arrives."
last_modified: "2026-05-14T14:37:00+00:00"
categories: [Cybersecurity]
tags: [Board Accountability, Cyber Essentials, Cyber Insurance, Cybersecurity, Employee Cybersecurity, MDR, Security Operations Centre, SOC]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Cyber Insurance Renewal Checklist

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.
The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration.
Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998.
We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified.
Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Why Bondgate IT Doesn’t Run Its Own SOC"
url: "https://www.bondgate.co.uk/cybersecurity/why-bondgate-it-doesnt-run-own-soc/"
lang: "en-GB"
type: "post"
description: "We could build a Security Operations Centre. We've chosen not to.
Here's why structural independence between your MSP and your SOC protects your business better than the alternative, and why \"we own everything end-to-end\" is starting to look less like a strength and more like a conflict of interest." last_modified: "2026-05-07T12:38:47+00:00" categories: [Cybersecurity] tags: [Board Accountability, Cyber Essentials, Cyber Insurance, Cybersecurity, DSPT, Managed Detection and Response, MDR, Security Operations Centre, SOC] custom_fields: wpbf_sidebar_position: "global" --- # Why Bondgate IT Doesn’t Run Its Own SOC     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. 
Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. 
They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced. | Insurer question | What they are really testing | Why weak answers matter | | --- | --- | --- | | Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters | | Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud | | Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations | | Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data | | Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery | | Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses | | Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums | | Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls | The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. 
### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. 
**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

How far in advance should we start preparing for cyber insurance renewal?

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

What happens if we answer honestly and admit gaps?

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

Does having Cyber Essentials certification improve our renewal outcome?

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

Our IT provider says everything is covered. Is that enough?

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

What is the biggest mistake businesses make at renewal?

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "DSPT 2025/26"
url: "https://www.bondgate.co.uk/compliance/dspt-2025-26-guide/"
lang: "en-GB"
type: "post"
description: "Most organisations do not ignore DSPT.
It sits on the list, gets discussed, and there is usually a broad expectation that it will get done.\n\nThen June arrives and the tone changes.\n\nQuestions start surfacing that no one can answer quickly. Where is the training evidence? Who last reviewed access permissions? Has anyone checked whether your suppliers meet the required standard?\n\nAt that point, the issue is whether the organisation can stand behind what it believes is in place. That gap between belief and proof is where pressure builds and where risk sits."
last_modified: "2026-05-06T11:09:36+00:00"
categories: [Compliance]
tags: [Board Accountability, Cyber Essentials, Cyber Insurance, DSPT, Employee Cybersecurity, Managed Detection and Response, MDR, Security Operations Centre, SOC]
custom_fields:
  wpbf_sidebar_position: "global"
---

# DSPT 2025/26

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly.
If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

How far in advance should we start preparing for cyber insurance renewal?

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

What happens if we answer honestly and admit gaps?

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

Does having Cyber Essentials certification improve our renewal outcome?

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

Our IT provider says everything is covered. Is that enough?

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

What is the biggest mistake businesses make at renewal?

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "IT Support Middlesbrough | Cyber Security & Managed IT | Bondgate IT"
url: "https://www.bondgate.co.uk/it-support-middlesbrough/"
lang: "en-GB"
type: "page"
description: "MIDDLESBROUGH AND NORTH EAST IT Support Middlesbrough Bondgate IT helps growing Middlesbrough and Tees Valley organisations stay secure, supported and strategically aligned without the stress of reactive IT.
Run your business with IT that is secure, responsive and out of"
last_modified: "2026-04-28T13:28:12+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# IT Support Middlesbrough | Cyber Security & Managed IT | Bondgate IT

---

---
title: "Cyber Essentials v3.3: What Darlington and North East SMEs Need to Do Before 27 April 2026"
url: "https://www.bondgate.co.uk/cybersecurity/cyber-essentials/cyber-essentials-v3-3-darlington-north-east/"
lang: "en-GB"
type: "post"
description: "If you run an SME in Darlington, Tees Valley or the wider North East, Cyber Essentials v3.3 is not just another minor update.
From 27 April 2026, the standard becomes clearer and stricter around cloud services, end-user devices, MFA, patching and supported software.\n\nPublished: 27 April 2026 | By Bondgate IT" last_modified: "2026-04-23T12:17:50+00:00" categories: [Cyber Essentials, Cybersecurity] custom_fields: wpbf_sidebar_position: "global" --- # Cyber Essentials v3.3: What Darlington and North East SMEs Need to Do Before 27 April 2026     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. 
Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. 
They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced. | Insurer question | What they are really testing | Why weak answers matter | | --- | --- | --- | | Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters | | Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud | | Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations | | Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data | | Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery | | Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses | | Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums | | Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls | The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. 
### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. 
**The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. - The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. 
[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. 
Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. 
Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk) --- --- title: "Cyber Security Is No Longer Optional: What UK SMEs Need to Focus on Now" url: "https://www.bondgate.co.uk/cybersecurity/cyber-security-is-no-longer-optional/" lang: "en-GB" type: "post" description: "Cyber security for SMEs in the UK is no longer a background IT concern. It is an operational issue that sits with leadership.\n\nMany businesses believe they are protected because they have antivirus, firewalls, and backups in place. Yet attacks continue to land, not because tools fail, but because control, visibility, and ownership are unclear." last_modified: "2026-05-08T11:21:08+00:00" categories: [Cybersecurity] custom_fields: wpbf_sidebar_position: "global" --- # Cyber Security Is No Longer Optional: What UK SMEs Need to Focus on Now
--- --- title: "Cyber Essentials v3.3: Why Cyber Security Is Now a Board Responsibility" url: "https://www.bondgate.co.uk/cybersecurity/cyber-essentials-v3-3-board-accountability/" lang: "en-GB" type: "post" description: "From 28 April 2026, Cyber Essentials v3.3 requires a director or board-level representative to confirm that the organisation will maintain compliance with Cyber Essentials controls throughout the certification period. \n\nThis change shifts Cyber Essentials from a technical checklist to a governance responsibility.
Leadership must now ensure scope is defined, access is controlled, updates are maintained, and compliance does not drift between renewals.\n\nFor SMEs, this means cyber security is no longer delegated solely to IT. It becomes a board-level accountability issue linked to operational risk, regulatory exposure, supply chain credibility, and insurance expectations.\n\nOrganisations preparing for 2026 certification should focus on ownership, scope clarity, privileged access review, and establishing a structured compliance rhythm." last_modified: "2026-04-09T12:49:18+00:00" categories: [Cyber Essentials, Cybersecurity] custom_fields: wpbf_sidebar_position: "global" --- # Cyber Essentials v3.3: Why Cyber Security Is Now a Board Responsibility     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. 
For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. 
That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced. | Insurer question | What they are really testing | Why weak answers matter | | --- | --- | --- | | Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters | | Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud | | Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations | | Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data | | Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery | | Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses | | Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums | | Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls | The pattern is clear. 
Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.
Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker.
  If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context.
A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.
Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "The human factor in cyber security, with Dan Gardner from Bondgate IT"
url: "https://www.bondgate.co.uk/cybersecurity/the-human-factor-in-msp-security-with-dan-gardner-from-bondgate-it/"
lang: "en-GB"
type: "post"
description: "Stop treating staff as the weak link. Learn how Bondgate IT uses education, relevance, and trust to cut phishing risk and improve reporting culture."
last_modified: "2026-04-08T12:29:33+00:00"
categories: [Cybersecurity]
tags: [Cyber Hygiene, Cyber Threats, Cybersecurity, Dark Web Monitoring, Employee Cybersecurity, Human Risk Management, IT Security Tips, Phishing Awareness, Phishing Simulation, Ransomware Protection, Security Awareness Training, usecure, Workplace Cybersecurity]
custom_fields:
  wpbf_sidebar_position: "global"
---

# The human factor in cyber security, with Dan Gardner from Bondgate IT

---

---
title: "New Financial Year Planning: Why Your IT Roadmap Matters More Than Ever"
url: "https://www.bondgate.co.uk/business/new-financial-year-it-roadmap-planning/"
lang: "en-GB"
type: "post"
description: "As April approaches, leadership teams across the UK are entering a familiar planning cycle. Budgets are being refined, forecasts reviewed, and difficult trade-offs discussed. Growth targets are set alongside cost pressures, recruitment plans, and rising expectations around security and resilience."
last_modified: "2026-02-10T14:30:38+00:00"
categories: [Business]
custom_fields:
  wpbf_sidebar_position: "global"
---

# New Financial Year Planning: Why Your IT Roadmap Matters More Than Ever

---

---
title: "Damien Harrison Elected to GTIA UK & Ireland Executive Council"
url: "https://www.bondgate.co.uk/pr/damien-harrison-elected-gtia-uk-ireland-executive-council-2026/"
lang: "en-GB"
type: "post"
description: "Bondgate IT has announced that Damien Harrison has been elected to the 2026 GTIA UK & Ireland Executive Council, representing the UK & Ireland community and contributing real-world insight to peer-led industry leadership."
last_modified: "2026-01-26T12:55:59+00:00" categories: [News, PR] custom_fields: wpbf_sidebar_position: "global" ---

# Damien Harrison Elected to GTIA UK & Ireland Executive Council

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

--- --- title: "AI and Automation Services for UK Organisations" url: "https://www.bondgate.co.uk/ai-and-automation-services-for-uk-organisations/" lang: "en-GB" type: "page" description: "AI Readiness Assessment and Automation for UK Organisations Understand how AI is already being used in your business, identify risk, and introduce automation with structure and control. Most organisations are already using AI without visibility or control.
Teams are experimenting" last_modified: "2026-05-01T14:45:07+00:00" custom_fields: wpbf_sidebar_position: "global" --- # AI and Automation Services for UK Organisations

--- --- title: "Responsible AI Adoption for UK Businesses Starts With Cyber Security" url: "https://www.bondgate.co.uk/ai/responsible-ai-adoption-uk-businesses/" lang: "en-GB" type: "post" description: "Responsible AI adoption for UK businesses requires strong cyber security, ethical governance, and leadership accountability. This guide explains how organisations can adopt AI safely using a crawl, walk, run framework, and why Bondgate IT’s approach has been recognised as MSP with the Best Use of AI."
last_modified: "2025-12-19T13:38:16+00:00" categories: [AI] custom_fields: wpbf_sidebar_position: "global" --- # Responsible AI Adoption for UK Businesses Starts With Cyber Security     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer. 

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Marketing Campaign of the Year. Recognition for leadership, not noise."
url: "https://www.bondgate.co.uk/business/award-winning/cyber-security-leadership-uk-award/"
lang: "en-GB"
type: "post"
description: "Cyber security leadership in the UK is becoming a board-level responsibility. This award recognises how Bondgate IT, NEBRC Cyber Expert Garry Brown, and the wider team are leading that conversation nationally."
last_modified: "2025-12-19T08:44:33+00:00"
categories: [Award Winning]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Marketing Campaign of the Year. Recognition for leadership, not noise.

---

---
title: "AI Governance for UK Organisations: Why Your Staff Are Already Using AI and What To Do About It"
url: "https://www.bondgate.co.uk/ai/ai-governance-for-uk-organisations-why-your-staff-are-already-using-ai-and-what-to-do-about-it/"
lang: "en-GB"
type: "post"
description: "This article explains why AI governance for UK organisations has become essential and how leaders can put the right controls in place without slowing their teams down.\n\nMost UK organisations think they are not using AI yet. In reality, staff already rely on tools like ChatGPT and Copilot without approval.
This guide explains how to bring that use under control with clear AI governance, practical policies and Bondgate IT’s proven Crawl, Walk, Run approach."
last_modified: "2025-11-28T16:39:46+00:00"
categories: [AI]
custom_fields:
  wpbf_sidebar_position: "global"
---

# AI Governance for UK Organisations: Why Your Staff Are Already Using AI and What To Do About It
Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Bondgate IT Named Pax8 Beyond 2025 Peak Performance Cyber Security Partner"
url: "https://www.bondgate.co.uk/business/award-winning/bondgate-it-wins-pax8-beyond-2025-peak-performance-cyber-security-award/"
lang: "en-GB"
type: "post"
description: "Bondgate IT has been named the Pax8 Beyond 2025 Peak Performance – Cyber Security Partner, recognising the company’s leadership in delivering multi-layered, governance-driven cyber protection across the UK. The award highlights Bondgate IT’s ongoing commitment to raising awareness of cyber resilience — from its partnership with Pax8 to its national recognition through the BBC."
last_modified: "2025-10-10T15:03:08+00:00"
categories: [Award Winning]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Bondgate IT Named Pax8 Beyond 2025 Peak Performance Cyber Security Partner

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Bondgate IT and Damien Harrison shortlisted at CyberNorth Awards 2025 | #CyberFest"
url: "https://www.bondgate.co.uk/cybersecurity/bondgate-it-and-damien-harrison-shortlisted-at-cybernorth-awards-2025-cyberfest/"
lang: "en-GB"
type: "post"
description: "Bondgate IT and Damien Harrison shortlisted for the CyberNorth Awards 2025. Damien is up for Rising Star, and Bondgate IT is in the running for Business or Cyber Team of the Year at #CyberFest on 22 October. Read how Tees Valley talent is shaping cyber resilience across the North East."
last_modified: "2025-10-06T11:37:45+00:00" categories: [Cybersecurity] custom_fields: wpbf_sidebar_position: "global" --- # Bondgate IT and Damien Harrison shortlisted at CyberNorth Awards 2025 | #CyberFest     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced. | Insurer question | What they are really testing | Why weak answers matter | | --- | --- | --- | | Is MFA required for all remote access? 
| Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters | | Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud | | Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations | | Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data | | Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery | | Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses | | Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums | | Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls | The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. ### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap. 
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Collins Aerospace Cyberattack: How One Software Outage Ground Europe’s Airports to a Halt" url: "https://www.bondgate.co.uk/cybersecurity/collins-aerospace-cyberattack-supply-chain-risk/" lang: "en-GB" type: "post" description: "On 20 September 2025, the Collins Aerospace cyberattack brought Europe’s airports to a standstill.\n\nFrom Heathrow to Berlin, check-in desks froze. Baggage systems failed. Passengers queued for hours as flights were cancelled by the hundreds. Brussels Airport even instructed airlines to abandon half of all scheduled departures.\n\nThis wasn’t just an IT glitch. 
The Collins Aerospace cyberattack exposed the fragility of digital supply chains, a wake-up call for every business that relies on third-party systems." last_modified: "2025-09-22T11:29:27+00:00" categories: [Cybersecurity] custom_fields: wpbf_sidebar_position: "global" --- # Collins Aerospace Cyberattack: How One Software Outage Ground Europe’s Airports to a Halt     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. 
Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance.
They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker.
[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. 

Does having Cyber Essentials certification improve our renewal outcome?

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

Our IT provider says everything is covered. Is that enough?

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

What is the biggest mistake businesses make at renewal?

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "The Final Countdown: Are You Ready for the End of Windows 10 Support?"
url: "https://www.bondgate.co.uk/microsoft/windows/windows-10-end-of-support-countdown/"
lang: "en-GB"
type: "post"
description: "On 14th October 2025, Microsoft will end all support for Windows 10. That means no more security updates, no more patches, and no more official help. For SMEs in the North East, this isn’t just an IT milestone — it’s a business-critical deadline.\n\n Live countdown to Windows 10 end of support:"
last_modified: "2025-09-05T09:27:54+00:00"
categories: [Windows]
custom_fields:
  wpbf_sidebar_position: "global"
---

# The Final Countdown: Are You Ready for the End of Windows 10 Support?

---

---
title: "What Is GRC?
A Practical Guide to Governance, Risk, and Compliance"
url: "https://www.bondgate.co.uk/compliance/grc-framework-smes-regulated-industries/"
lang: "en-GB"
type: "post"
description: "If you’re unsure what Governance, Risk, and Compliance (GRC) means for your business, this guide breaks it down. From governance and risk management to compliance with GDPR, ISO 27001, and PART-IS, we explain why GRC matters for UK SMEs in regulated sectors. Read how Bondgate IT can help."
last_modified: "2025-09-05T08:37:04+00:00"
categories: [Compliance]
custom_fields:
  wpbf_sidebar_position: "global"
---

# What Is GRC? A Practical Guide to Governance, Risk, and Compliance

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.
Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. - The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. 
If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. 
A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. 
Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

--- --- title: "Why OEMs Now Demand TISAX, VISAR & ISO 27001, And What UK Dealerships Must Do Next" url: "https://www.bondgate.co.uk/compliance/tisax-for-dealerships-visar-iso27001/" lang: "en-GB" type: "post" description: "Cybersecurity frameworks like TISAX, VISAR, and ISO 27001 are now required by OEMs including Volkswagen and Mercedes. This post explains what they mean for UK dealerships and how to prepare." last_modified: "2025-09-03T12:50:58+00:00" categories: [Compliance] custom_fields: wpbf_sidebar_position: "global" ---

# Why OEMs Now Demand TISAX, VISAR & ISO 27001, And What UK Dealerships Must Do Next

--- --- title: "Smart & Safe AI Policies to Use at Work" url: "https://www.bondgate.co.uk/compliance/smart-safe-ai-policies-to-use-at-work/" lang: "en-GB" type: "post" description: "AI tools are transforming business operations, but without a clear usage policy, they also introduce risk. This guide explains how to create a responsible AI usage policy that supports compliance, protects sensitive data, and empowers your team to use AI safely. Learn what to include, how to implement it, and how Bondgate can help you govern tools like ChatGPT and Copilot responsibly." last_modified: "2025-08-19T11:14:14+00:00" categories: [Compliance] tags: [AI in business operations, AI policy for business, AI security risks, AI tools for small business, business technology strategy, ChatGPT in the workplace, creating AI policies, cybersecurity for small business, data protection with AI, employee AI guidelines, internal AI usage policy, IT policy for employees, Microsoft Copilot policy, responsible AI use, secure AI implementation, small business IT support, workplace AI tools] custom_fields: wpbf_sidebar_position: "global" ---

# Smart & Safe AI Policies to Use at Work

--- --- title: "6 NEW Outlook Tips & Tricks for 2025 That Save Hours" url: "https://www.bondgate.co.uk/microsoft/6-new-outlook-tips-tricks-for-2025-that-save-hours/" lang: "en-GB" type: "post" description: "The New Outlook 2025 is here, and it’s more than just a fresh look. From smarter search and pinned emails to My Day and easy app integrations, these six powerful features can help you save time, stay organised, and boost productivity. Discover how they work, and how Bondgate IT can help you get the most from Microsoft 365."
last_modified: "2025-08-14T12:59:48+00:00"
categories: [Microsoft]
custom_fields:
  wpbf_sidebar_position: "global"
---

# 6 NEW Outlook Tips & Tricks for 2025 That Save Hours

---

---
title: "The DSPT Deadline Has Passed: A Retrospective on Why Year-Round Cyber Resilience is Key"
url: "https://www.bondgate.co.uk/compliance/dspt-compliance-deadline-2025-cyber-resilience-healthcare/"
lang: "en-GB"
type: "post"
description: "As of July 30th, 2025, the clock has ticked past the DSPT compliance deadline. If you're in health, social care, or the non-profit sector, you know it's like running a marathon every June, juggling forms, chasing signatures, and ticking boxes."
last_modified: "2025-07-30T10:05:09+00:00"
categories: [Compliance]
custom_fields:
  wpbf_sidebar_position: "global"
---

# The DSPT Deadline Has Passed: A Retrospective on Why Year-Round Cyber Resilience is Key

---

---
title: "Windows 10 End of Support: What Businesses Need to Do Before October 14, 2025"
url: "https://www.bondgate.co.uk/microsoft/windows/windows-10-end-of-life-what-it-means-for-your-business-and-what-to-do-now/"
lang: "en-GB"
type: "post"
description: "Microsoft has confirmed that Windows 10 will reach end of support on 14 October 2025. If your organisation is still relying on Windows 10, now is the time to take action. After this date, Microsoft will no longer provide security updates, bug fixes, or technical support.\n\nThat means your systems could be exposed to significant risk—without the protection or updates needed to stay secure and compliant."
last_modified: "2025-07-24T13:29:28+00:00"
categories: [Windows]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Windows 10 End of Support: What Businesses Need to Do Before October 14, 2025

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Bondgate IT Ranked Among World’s Top Managed Service Providers in 2025 MSP 501" url: "https://www.bondgate.co.uk/business/award-winning/bondgate-it-msp-501-2025-top-ranked-north-east-uk/" lang: "en-GB" type: "post" description: "Bondgate IT ranks #1 in the North East and among the top Managed Service Providers globally in the 2025 MSP 501 by Channel Futures. Recognised for excellence in IT support, cybersecurity, and business-aligned technology services, Bondgate continues to set the standard for SMEs across Darlington, Tees Valley, and beyond." 
last_modified: "2026-05-14T11:25:05+00:00" categories: [Award Winning] custom_fields: wpbf_sidebar_position: "global" ---

# Bondgate IT Ranked Among World’s Top Managed Service Providers in 2025 MSP 501

--- --- title: "Why Xero, Google & Microsoft Don’t Fully Back Up Your Cloud Data" url: "https://www.bondgate.co.uk/business-continuity/cloud-backup-for-xero-google-microsoft/" lang: "en-GB" type: "post" description: "Think Xero or Google automatically backs up your cloud data? They don’t. Learn the real risks, what backup protection actually looks like, and how to fix it."
last_modified: "2025-07-08T14:42:34+00:00" categories: [Business Continuity] custom_fields: wpbf_sidebar_position: "global" ---

# Why Xero, Google & Microsoft Don’t Fully Back Up Your Cloud Data

--- --- title: "Award-Winning IT Support in the North East | Bondgate IT" url: "https://www.bondgate.co.uk/business/award-winning/award-winning-it-support-north-east/" lang: "en-GB" type: "post" description: "We’re proud to announce Bondgate IT has been recognised as Runner-Up for MSP/Service Provider of the Year at the 2025 GTIA Spotlight Awards. With over 2,000 members in the GTIA community, this national recognition is a huge win for our team, and for the entire North East tech community we proudly represent."
last_modified: "2025-07-21T12:44:45+00:00"
categories: [Award Winning]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Award-Winning IT Support in the North East | Bondgate IT

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

How far in advance should we start preparing for cyber insurance renewal?

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

What happens if we answer honestly and admit gaps?

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

Does having Cyber Essentials certification improve our renewal outcome?

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

Our IT provider says everything is covered. Is that enough?

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

What is the biggest mistake businesses make at renewal?

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "How Much Could IT Downtime Really Cost Your Business?"
url: "https://www.bondgate.co.uk/business-continuity/how-much-could-it-downtime-really-cost-your-business/"
lang: "en-GB"
type: "post"
description: "Spoiler: It’s probably more than you think. IT outages are rarely just a tech issue. When your systems go down, it hits productivity, delays client work, damages trust, and if you're not prepared can wipe out thousands of pounds in"
last_modified: "2025-06-05T08:53:56+00:00"
categories: [Business Continuity]
custom_fields:
  wpbf_sidebar_position: "global"
---

# How Much Could IT Downtime Really Cost Your Business?

---

---
title: "Cybersecurity for SMEs: Garry Brown, Bondgate IT, and the NEBRC"
url: "https://www.bondgate.co.uk/cybersecurity/cybersecurity-for-smes-garry-brown-bondgate-it-and-the-nebrc/"
lang: "en-GB"
type: "post"
description: "Bondgate IT and Managing Director Garry Brown are working with the North East Business Resilience Centre (NEBRC) to provide practical cybersecurity support for SMEs across the North East, Yorkshire, and The Humber. Learn how this partnership is protecting local businesses from rising cyber threats."
last_modified: "2025-06-02T14:37:16+00:00"
categories: [Cybersecurity]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Cybersecurity for SMEs: Garry Brown, Bondgate IT, and the NEBRC

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Bondgate IT Recognised as One of the UK’s Top Cybersecurity Companies" url: "https://www.bondgate.co.uk/cybersecurity/top-uk-cybersecurity-company/" lang: "en-GB" type: "post" description: "Bondgate IT has been named one of the UK’s top cybersecurity companies by DesignRush. Learn how our strategic, embedded approach to cybersecurity is helping businesses stay secure, scalable, and resilient in an age of digital threats." 
last_modified: "2025-05-22T12:15:44+00:00"
categories: [Cybersecurity]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Bondgate IT Recognised as One of the UK’s Top Cybersecurity Companies

---

---
title: "Why Cyberattacks on UK Retailers Are Rising and How to Respond"
url: "https://www.bondgate.co.uk/cybersecurity/uk-retail-cyberattacks-response-plan/"
lang: "en-GB"
type: "post"
description: "UK retailers are facing a sharp rise in cyberattacks, from phishing to ransomware. Garry Brown of Bondgate IT shares what business owners need to know and do now to protect their teams, data, and operations."
last_modified: "2025-05-21T14:17:09+00:00"
categories: [Cybersecurity]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Why Cyberattacks on UK Retailers Are Rising and How to Respond
**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Bondgate Cyber Security? Why the BBC Got Our Name Wrong, and What You Should Know About Bondgate IT"
url: "https://www.bondgate.co.uk/cybersecurity/bondgate-cyber-security/bondgate-cyber-security-why-the-bbc-got-our-name-wrong-and-what-you-should-know-about-bondgate-it/"
lang: "en-GB"
type: "post"
description: "After a BBC feature mistakenly called us “Bondgate Cyber Security,” we’re setting the record straight. Learn what Bondgate IT actually does, and how to choose the right tech partner."
last_modified: "2025-05-21T13:18:08+00:00"
categories: [Bondgate Cyber Security]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Bondgate Cyber Security? Why the BBC Got Our Name Wrong, and What You Should Know About Bondgate IT

---

---
title: "What UK Businesses Can Learn from Cyber Siege: From Russia to Redcar and the £10 Million Ransomware Attack"
url: "https://www.bondgate.co.uk/cybersecurity/what-uk-businesses-can-learn-from-redcars-10-million-ransomware-attack/"
lang: "en-GB"
type: "post"
description: "What UK Businesses Can Learn from Cyber Siege: From Russia to Redcar and the £10 Million Ransomware Attack Published by Bondgate IT | May 2025 As featured in the BBC’s Cyber Siege: From Russia to Redcar Cyber Siege: From Russia"
last_modified: "2025-05-20T15:33:56+00:00"
categories: [Cybersecurity]
tags: [bbc, cyber siege, Cybersecurity, redcar and cleveland]
custom_fields:
  wpbf_sidebar_position: "global"
---

# What UK Businesses Can Learn from Cyber Siege: From Russia to Redcar and the £10 Million Ransomware Attack

---

---
title: "Aviation Cybersecurity Awareness: EASA Part-IS Training"
url: "https://www.bondgate.co.uk/uncategorized/cybersecurity-awareness-aviation-defence/"
lang: "en-GB"
type: "post"
description: "Technology alone isn't enough: your staff are your frontline defence in aviation cybersecurity. This article details common threats targeting employees, explains EASA Part-IS awareness training requirements, and offers practical methods to build a vigilant, security-aware culture within your aviation organisation."
last_modified: "2025-06-16T08:48:56+00:00" categories: [Uncategorized] custom_fields: wpbf_sidebar_position: "global" --- # Aviation Cybersecurity Awareness: EASA Part-IS Training     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer. 
**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.
**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Cyber Security for SMEs: From the Boardroom to the Frontline"
url: "https://www.bondgate.co.uk/cybersecurity/cyber-security-for-smes-from-the-boardroom-to-the-frontline/"
lang: "en-GB"
type: "post"
description: "Cyber Security for SMEs: From the Boardroom to the Frontline Are you confident your SME could recover from a cyber attack? Do your staff know how to recognise phishing emails or secure business data?
Small and medium-sized enterprises (SMEs) are" last_modified: "2025-05-17T17:59:42+00:00" categories: [Cybersecurity] custom_fields: wpbf_sidebar_position: "global" --- # Cyber Security for SMEs: From the Boardroom to the Frontline     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced. | Insurer question | What they are really testing | Why weak answers matter | | --- | --- | --- | | Is MFA required for all remote access? 
| Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters | | Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud | | Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations | | Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data | | Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery | | Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses | | Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums | | Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls | The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. ### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap. 
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Aviation Supply Chain Cyber Risk: EASA Part-IS Management" url: "https://www.bondgate.co.uk/uncategorized/supply-chain-cyber-risk-aviation-manage/" lang: "en-GB" type: "post" description: "Uncover the hidden cyber risks within your aviation supply chain. This article defines supply chain cyber risk, explains EASA Part-IS requirements for third-party security, and provides actionable strategies for managing vendor vulnerabilities and ensuring broader operational safety." 
last_modified: "2025-06-16T08:44:33+00:00" categories: [Uncategorized] custom_fields: wpbf_sidebar_position: "global" --- # Aviation Supply Chain Cyber Risk: EASA Part-IS Management     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer. 
**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced. | Insurer question | What they are really testing | Why weak answers matter | | --- | --- | --- | | Is MFA required for all remote access? | Can attackers log in with stolen passwords? 
| No MFA on remote access is one of the clearest warning signs for underwriters | | Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud | | Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations | | Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data | | Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery | | Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses | | Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums | | Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls | The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. ### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap. 
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

How far in advance should we start preparing for cyber insurance renewal?

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

What happens if we answer honestly and admit gaps?

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

Does having Cyber Essentials certification improve our renewal outcome?

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.
Our IT provider says everything is covered. Is that enough?

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

What is the biggest mistake businesses make at renewal?

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "🔒 Cybersecurity Best Practices for Law Firms"
url: "https://www.bondgate.co.uk/cybersecurity/cybersecurity-best-practices-for-law-firms/"
lang: "en-GB"
type: "post"
description: "The recent cybersecurity incident involving the UK's Legal Aid Agency (LAA) has underscored the critical importance of robust cybersecurity measures within the legal sector. The LAA, responsible for managing legal aid services across England and Wales, reported a security breach where it's possible that payment information related to legal aid providers may have been accessed by unauthorised parties."
last_modified: "2025-05-08T09:48:05+00:00"
categories: [Cybersecurity]
custom_fields:
  wpbf_sidebar_position: "global"
---

# 🔒 Cybersecurity Best Practices for Law Firms

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

How far in advance should we start preparing for cyber insurance renewal?

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

What happens if we answer honestly and admit gaps?

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

Does having Cyber Essentials certification improve our renewal outcome?

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.
Our IT provider says everything is covered. Is that enough?

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

What is the biggest mistake businesses make at renewal?

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "🖥️ Game Over for Windows 10: Are You Ready to Level Up?"
url: "https://www.bondgate.co.uk/microsoft/game-over-for-windows-10-are-you-ready-to-level-up/"
lang: "en-GB"
type: "post"
description: "Windows 10 support ends 14 October 2025. Bondgate IT helps Tees Valley businesses upgrade to Windows 11 with up to £400 cashback per device. Act early and stay secure."
last_modified: "2025-05-09T12:59:26+00:00"
categories: [Microsoft, Windows]
custom_fields:
  wpbf_sidebar_position: "global"
---

# 🖥️ Game Over for Windows 10: Are You Ready to Level Up?

---

---
title: "Cyber Essentials 2025: What the New Changes Mean for Your Business"
url: "https://www.bondgate.co.uk/cybersecurity/cyber-essentials/cyber-essentials-2025-what-the-new-changes-mean-for-your-business/"
lang: "en-GB"
type: "post"
description: "Cyber Essentials version 3.2 comes into force on 28 April 2025. If you’re an SME in the North East, you’ll need to meet new requirements around MFA, cloud configuration, remote working and software control. Learn what’s changing and how Bondgate IT can help you stay compliant."
last_modified: "2025-04-22T14:44:10+00:00" categories: [Cyber Essentials, Cybersecurity] custom_fields: wpbf_sidebar_position: "global" ---

# Cyber Essentials 2025: What the New Changes Mean for Your Business

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**
The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

--- --- title: "Is Your Law Firm’s IT Costing You More Than You Think? 5 Red Flags Legal Firms in the North East Can’t Afford to Ignore" url: "https://www.bondgate.co.uk/it-management/is-your-law-firms-it-costing-you-more-than-you-think-5-red-flags-legal-firms-in-the-north-east-cant-afford-to-ignore/" lang: "en-GB" type: "post" description: "Many law firms in the North East unknowingly suffer from slow systems, unpredictable IT costs, and compliance risks. Discover 5 warning signs your firm may need better managed IT support and how Bondgate IT can help."
last_modified: "2025-04-22T12:12:42+00:00" categories: [IT Management] custom_fields: wpbf_sidebar_position: "global" ---

# Is Your Law Firm’s IT Costing You More Than You Think? 5 Red Flags Legal Firms in the North East Can’t Afford to Ignore

--- --- title: "The Hidden Risk: Why Many IT Providers Can’t Help You with Part-IS" url: "https://www.bondgate.co.uk/compliance/the-hidden-risk-why-many-it-providers-cant-help-you-with-part-is/" lang: "en-GB" type: "post" description: "Your IT provider may not be equipped for EASA Part-IS compliance. This article exposes the gap between general IT support and specialised aviation cybersecurity, outlining key questions to ask and when to seek a dedicated compliance expert or vCISO."
last_modified: "2025-06-17T18:59:28+00:00" categories: [Compliance] custom_fields: wpbf_sidebar_position: "global" --- # The Hidden Risk: Why Many IT Providers Can’t Help You with Part-IS     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer. 
**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

How far in advance should we start preparing for cyber insurance renewal?

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

What happens if we answer honestly and admit gaps?

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

Does having Cyber Essentials certification improve our renewal outcome?

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

Our IT provider says everything is covered. Is that enough?

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

What is the biggest mistake businesses make at renewal?

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "From Zero Day to Business Resilience: Why SMEs Need Robust Continuity Plans"
url: "https://www.bondgate.co.uk/business-continuity/from-zero-day-to-business-resilience-why-smes-need-robust-continuity-plans/"
lang: "en-GB"
type: "post"
description: "Netflix’s Zero Day paints a terrifying picture of cyber catastrophe—but real-world threats to SMEs are very real. Learn why a robust continuity plan is essential and how Bondgate IT can protect your business."
last_modified: "2025-04-10T12:24:29+00:00"
categories: [Business Continuity]
custom_fields:
  wpbf_sidebar_position: "global"
---

# From Zero Day to Business Resilience: Why SMEs Need Robust Continuity Plans

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

---

---
title: "Navigating the Transition: A Guide for North East Businesses to the Windows 10 End of Life"
url: "https://www.bondgate.co.uk/microsoft/navigating-the-transition-a-guide-for-north-east-businesses-to-the-windows-10-end-of-life/"
lang: "en-GB"
type: "post"
description: "Ensure a smooth transition from Windows 10 end of life by planning early, creating a detailed plan, communicating effectively, testing thoroughly, backing up data, and seeking expert help."
last_modified: "2025-03-25T08:45:51+00:00"
categories: [Microsoft]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Navigating the Transition: A Guide for North East Businesses to the Windows 10 End of Life

---

---
title: "The 5 Symptoms of Bad IT That Are Plaguing Your Business"
url: "https://www.bondgate.co.uk/it-management/the-5-symptoms-of-bad-it-that-are-plaguing-your-business/"
lang: "en-GB"
type: "post"
description: "Just like ignoring health issues can harm your well-being, neglecting IT problems can slow down your business. Bondgate IT identifies the 5 common symptoms of bad IT, from slow response times to costly \"Band-Aid\" fixes. Book your IT check-up at https://www.bondgate.co.uk/ithealthcheck and let us prescribe the right solutions to get your technology running smoothly again. \n\nWe're here to be your trusted technology partner, ensuring your IT supports your business goals."
last_modified: "2025-03-19T10:01:26+00:00" categories: [IT Management] custom_fields: wpbf_sidebar_position: "global" --- # The 5 Symptoms of Bad IT That Are Plaguing Your Business     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer. 
**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Cyber Essentials vs ISO 27001 vs EASA Part-IS: What’s the Difference?" url: "https://www.bondgate.co.uk/compliance/cyber-essentials-vs-iso-27001-vs-easa-part-is/" lang: "en-GB" type: "post" description: "Understand the differences between Cyber Essentials, ISO 27001, and EASA Part-IS. See how they align, what they cover, and which one your aviation business really needs." last_modified: "2025-06-16T08:30:57+00:00" categories: [Compliance] custom_fields: wpbf_sidebar_position: "global" --- # Cyber Essentials vs ISO 27001 vs EASA Part-IS: What’s the Difference?     
--- --- title: "Bondgate IT Academy – Elearning platform" url: "https://www.bondgate.co.uk/learn/" lang: "en-GB" type: "page" description: "Bondgate IT Academy The Bondgate Academy provides bite-sized training videos designed to fit your busy schedule.
Learn the ins and outs of Microsoft Windows 11, master the power of Microsoft 365, and explore the cutting-edge capabilities of CoPilot – all" last_modified: "2025-02-19T13:09:07+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Bondgate IT Academy – Elearning platform     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Strengthen Your Cyber Defences: Mitigating Human Risk with Bondgate IT" url: "https://www.bondgate.co.uk/cybersecurity/strengthen-your-cyber-defences-mitigating-human-risk-with-bondgate-it/" lang: "en-GB" type: "post" description: "Reduce your risk of data breaches and financial losses with Bondgate IT's Human Risk Management. We empower your employees with the knowledge and skills to combat evolving cyber threats. Free Human Risk Assessment available. Contact us today!" 
last_modified: "2025-03-19T10:57:12+00:00" categories: [Cybersecurity] custom_fields: wpbf_sidebar_position: "global" ---

# Strengthen Your Cyber Defences: Mitigating Human Risk with Bondgate IT

--- --- title: "How to Build an ISMS for EASA Part-IS Compliance" url: "https://www.bondgate.co.uk/compliance/build-isms-easa-part-is/" lang: "en-GB" type: "post" description: "Learn how aviation SMEs can build an effective, manageable ISMS for EASA Part-IS compliance without unnecessary complexity or cost. Start with smart, scalable steps."
last_modified: "2025-09-22T10:45:56+00:00" categories: [Compliance] custom_fields: wpbf_sidebar_position: "global" ---

# How to Build an ISMS for EASA Part-IS Compliance
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "What Is EASA Part-IS – And Why It’s a Game-Changer for Aviation SMEs" url: "https://www.bondgate.co.uk/compliance/easa-part-is-aviation-smes-overview/" lang: "en-GB" type: "post" description: "This article will break down EASA Part-IS into straightforward terms, clarify who needs to comply, explain why it was introduced, and show you how it will impact your daily operations. You’ll learn the key requirements and discover the tangible benefits of achieving compliance. By the end, you’ll have a clear understanding of your first steps towards meeting these vital new standards. 
This article is for any aviation SME owner, operator, or compliance manager feeling confused or concerned about the implications of EASA Part-IS."
last_modified: "2025-06-13T13:47:53+00:00"
categories: [Compliance]
custom_fields:
  wpbf_sidebar_position: "global"
---

# What Is EASA Part-IS – And Why It’s a Game-Changer for Aviation SMEs

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Peace of Mind for Tees Valley Business Directors: Your Essential Guide to Business Continuity and Disaster Recovery"
url: "https://www.bondgate.co.uk/business-continuity/peace-of-mind-for-tees-valley-business-directors-your-essential-guide-to-business-continuity-and-disaster-recovery/"
lang: "en-GB"
type: "post"
description: "As Business Directors, we're responsible for keeping our businesses financially healthy.
But what happens when the unexpected hits? A cyberattack, a flood, a major IT outage – these events can cause chaos and financial strain. Business Continuity and Disaster Recovery (BCDR) is a plan that outlines how your business will continue operating during and after a major disruption. Bondgate IT can help you develop a robust, tailored BCDR plan."
last_modified: "2025-03-07T11:33:01+00:00"
categories: [Business, Business Continuity]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Peace of Mind for Tees Valley Business Directors: Your Essential Guide to Business Continuity and Disaster Recovery

---

---
title: "Ring in 2025 with Tech Confidence: Your IT Guide for Success in Darlington"
url: "https://www.bondgate.co.uk/business/ring-in-2025-with-tech-confidence-your-it-guide-for-success-in-darlington/"
lang: "en-GB"
type: "post"
description: "Is your business ready for the tech challenges of 2025? Explore five essential IT resolutions to enhance productivity, fortify cybersecurity, and ensure business continuity in Darlington and Tees Valley."
last_modified: "2024-12-31T13:38:00+00:00"
categories: [Business]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Ring in 2025 with Tech Confidence: Your IT Guide for Success in Darlington

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net.
For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. 
That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear.
Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. ### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. 
Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. - The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. 
If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. 
A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. 
Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

--- --- title: "Essential Cyber Hygiene Tips for 2025: Protecting Your Digital Life" url: "https://www.bondgate.co.uk/cybersecurity/essential-cyber-hygiene-tips-for-2025-protecting-your-digital-life/" lang: "en-GB" type: "post" description: "Cyber hygiene is a core part of a robust cybersecurity strategy. As Gary Brown, Managing Director of Bondgate IT and Cyber Expert for the NEBRC, puts it, 'It should be as second nature as locking your door at night - a regular, essential part of your every day.' Discover essential tips to make cyber hygiene a habit, from strengthening your passwords to recognising phishing scams. Empower yourself and your family with the knowledge to keep your data secure in 2025!" last_modified: "2025-03-07T11:21:22+00:00" categories: [Cybersecurity] custom_fields: wpbf_sidebar_position: "global" --- # Essential Cyber Hygiene Tips for 2025: Protecting Your Digital Life

--- --- title: "AI-Powered Scams: How to Stay Safe Online This Christmas" url: "https://www.bondgate.co.uk/cybersecurity/ai-powered-scams-how-to-stay-safe-online-this-christmas/" lang: "en-GB" type: "post" description: "During the 2023 Christmas period, shoppers in the UK lost over £11.5 million to online scams, a considerable jump from the £10.6 million lost between November 2022 and January 2023. Shoppers in Tees Valley need to be particularly vigilant, as social media is a hotbed for these scams. In 2022, over half (51%) of reported fraud cases involved social media platforms."
last_modified: "2024-11-26T08:20:26+00:00" categories: [Cybersecurity] custom_fields: wpbf_sidebar_position: "global" --- # AI-Powered Scams: How to Stay Safe Online This Christmas     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer. 
**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Upgrading from Windows 10 to Windows 11: A Comprehensive Guide" url: "https://www.bondgate.co.uk/microsoft/upgrading-from-windows-10-to-windows-11-a-comprehensive-guide/" lang: "en-GB" type: "post" description: "Upgrading from Windows 10 to Windows 11 is essential for maintaining security and performance. This comprehensive guide covers system requirements, preparation steps, the upgrade process, common issues, and post-upgrade optimization tips. Discover how Bondgate IT can assist you in making this transition seamless and efficient." 
last_modified: "2025-06-09T15:43:13+00:00"
categories: [Microsoft]
custom_fields:
  wpbf_sidebar_position: "global"
---

# Upgrading from Windows 10 to Windows 11: A Comprehensive Guide

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "New Microsoft Teams Update: What UK Businesses Need to Know"
url: "https://www.bondgate.co.uk/microsoft/new-microsoft-teams-update-what-uk-businesses-need-to-know/"
lang: "en-GB"
type: "post"
description: "Microsoft is releasing a major update to Teams in November 2024. This update will bring significant changes to the chat and channels experience, making it easier for UK businesses to collaborate and communicate effectively. Find out everything you need to know about the new features and how they can benefit your business."
last_modified: "2024-11-13T09:55:02+00:00"
categories: [Microsoft]
custom_fields:
  wpbf_sidebar_position: "global"
---

# New Microsoft Teams Update: What UK Businesses Need to Know

---

---
title: "Windows 10 End of Life: What You Need to Know and How to Prepare"
url: "https://www.bondgate.co.uk/microsoft/windows-10-end-of-life-what-you-need-to-know-and-how-to-prepare/"
lang: "en-GB"
type: "post"
description: "Learn about the Windows 10 end of life date and what it means for your business. Discover upgrade options and how Bondgate IT can help you transition smoothly."
last_modified: "2024-11-07T13:58:43+00:00" categories: [Microsoft] custom_fields: wpbf_sidebar_position: "global" ---

# Windows 10 End of Life: What You Need to Know and How to Prepare

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

--- --- title: "Disaster Recovery Services for Stanley" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-stanley/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Stanley In an ever-evolving digital landscape, businesses in Stanley must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:55:01+00:00" custom_fields: wpbf_sidebar_position: "global" ---

# Disaster Recovery Services for Stanley

--- --- title: "Disaster Recovery Services for Consett" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-consett/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Consett In an ever-evolving digital landscape, businesses in Consett must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:59+00:00" custom_fields: wpbf_sidebar_position: "global" ---

# Disaster Recovery Services for Consett

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Disaster Recovery Services for Blaydon" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-blaydon/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Blaydon In an ever-evolving digital landscape, businesses in Blaydon must navigate a variety of threats that can disrupt operations and lead to significant financial losses. 
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:58+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Blaydon --- --- title: "Disaster Recovery Services for Ryton" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-ryton/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Ryton In an ever-evolving digital landscape, businesses in Ryton must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:57+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Ryton     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced. | Insurer question | What they are really testing | Why weak answers matter | | --- | --- | --- | | Is MFA required for all remote access? 
| Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters | | Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud | | Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations | | Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data | | Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery | | Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses | | Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums | | Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls | The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. ### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap. 
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Wylam"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-wylam/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Wylam In an ever-evolving digital landscape, businesses in Wylam must navigate a variety of threats that can disrupt operations and lead to significant financial losses. At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:55+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Wylam

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.
**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Stocksfield"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-stocksfield/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Stocksfield In an ever-evolving digital landscape, businesses in Stocksfield must navigate a variety of threats that can disrupt operations and lead to significant financial losses. At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:54+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Stocksfield

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.
**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Prudhoe"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-prudhoe/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Prudhoe In an ever-evolving digital landscape, businesses in Prudhoe must navigate a variety of threats that can disrupt operations and lead to significant financial losses. At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:52+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Prudhoe

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Disaster Recovery Services for Bedlington" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-bedlington/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Bedlington In an ever-evolving digital landscape, businesses in Bedlington must navigate a variety of threats that can disrupt operations and lead to significant financial losses. 
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:51+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Bedlington

---

---
title: "Disaster Recovery Services for Amble"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-amble/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Amble In an ever-evolving digital landscape, businesses in Amble must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:49+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Amble

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Disaster Recovery Services for Seaton-Delaval" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-seaton-delaval/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Seaton-Delaval In an ever-evolving digital landscape, businesses in Seaton-Delaval must navigate a variety of threats that can disrupt operations and lead to significant financial losses. 
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:48+00:00" custom_fields: wpbf_sidebar_position: "global" ---

# Disaster Recovery Services for Seaton-Delaval

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

--- --- title: "Disaster Recovery Services for North-Shields" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-north-shields/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for North-Shields In an ever-evolving digital landscape, businesses in North-Shields must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:46+00:00" custom_fields: wpbf_sidebar_position: "global" ---

# Disaster Recovery Services for North-Shields

--- --- title: "Disaster Recovery Services for Tynemouth" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-tynemouth/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Tynemouth In an ever-evolving digital landscape, businesses in Tynemouth must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:45+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Tynemouth     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

--- --- title: "Disaster Recovery Services for Wallsend" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-wallsend/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Wallsend In an ever-evolving digital landscape, businesses in Wallsend must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:44+00:00" custom_fields: wpbf_sidebar_position: "global" ---

# Disaster Recovery Services for Wallsend

--- --- title: "Disaster Recovery Services for Jarrow" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-jarrow/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Jarrow In an ever-evolving digital landscape, businesses in Jarrow must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:42+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Jarrow     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced. | Insurer question | What they are really testing | Why weak answers matter | | --- | --- | --- | | Is MFA required for all remote access? 
| Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters | | Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud | | Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations | | Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data | | Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery | | Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses | | Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums | | Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls | The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. ### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap. 
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

How far in advance should we start preparing for cyber insurance renewal?

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

What happens if we answer honestly and admit gaps?

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

Does having Cyber Essentials certification improve our renewal outcome?

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.
Our IT provider says everything is covered. Is that enough?

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

What is the biggest mistake businesses make at renewal?

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for South-Shields"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-south-shields/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for South-Shields In an ever-evolving digital landscape, businesses in South-Shields must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:41+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for South-Shields

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

How far in advance should we start preparing for cyber insurance renewal?

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

What happens if we answer honestly and admit gaps?

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

Does having Cyber Essentials certification improve our renewal outcome?

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.
Our IT provider says everything is covered. Is that enough?

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

What is the biggest mistake businesses make at renewal?

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Whitley-Bay"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-whitley-bay/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Whitley-Bay In an ever-evolving digital landscape, businesses in Whitley-Bay must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:39+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Whitley-Bay

---

---
title: "Disaster Recovery Services for Cramlington"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-cramlington/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Cramlington In an ever-evolving digital landscape, businesses in Cramlington must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:38+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Cramlington

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.
**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Blyth"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-blyth/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Blyth In an ever-evolving digital landscape, businesses in Blyth must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:36+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Blyth

---

---
title: "Disaster Recovery Services for Ashington"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-ashington/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Ashington In an ever-evolving digital landscape, businesses in Ashington must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:35+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Ashington
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Disaster Recovery Services for Berwick-upon-Tweed" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-berwick-upon-tweed/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Berwick-upon-Tweed In an ever-evolving digital landscape, businesses in Berwick-upon-Tweed must navigate a variety of threats that can disrupt operations and lead to significant financial losses. 
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:33+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Berwick-upon-Tweed
--- --- title: "Disaster Recovery Services for Morpeth" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-morpeth/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Morpeth In an ever-evolving digital landscape, businesses in Morpeth must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:32+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Morpeth     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced. | Insurer question | What they are really testing | Why weak answers matter | | --- | --- | --- | | Is MFA required for all remote access? 
| Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters | | Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud | | Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations | | Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data | | Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery | | Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses | | Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums | | Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls | The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. ### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap. 
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 

Our IT provider says everything is covered. Is that enough?

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

What is the biggest mistake businesses make at renewal?

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Alnwick"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-alnwick/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Alnwick In an ever-evolving digital landscape, businesses in Alnwick must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:30+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Alnwick

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

How far in advance should we start preparing for cyber insurance renewal?

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

What happens if we answer honestly and admit gaps?

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

Does having Cyber Essentials certification improve our renewal outcome?

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

Our IT provider says everything is covered. Is that enough?

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

What is the biggest mistake businesses make at renewal?

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Hexham"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-hexham/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Hexham In an ever-evolving digital landscape, businesses in Hexham must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:29+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Hexham

---

---
title: "Disaster Recovery Services for Newcastle-upon-Tyne"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-newcastle-upon-tyne/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Newcastle-upon-Tyne In an ever-evolving digital landscape, businesses in Newcastle-upon-Tyne must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:27+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Newcastle-upon-Tyne

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.
**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Gateshead"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-gateshead/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Gateshead In an ever-evolving digital landscape, businesses in Gateshead must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:26+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Gateshead

---

---
title: "Disaster Recovery Services for Sunderland"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-sunderland/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Sunderland In an ever-evolving digital landscape, businesses in Sunderland must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:24+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Sunderland
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Disaster Recovery Services for Washington" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-washington/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Washington In an ever-evolving digital landscape, businesses in Washington must navigate a variety of threats that can disrupt operations and lead to significant financial losses. 
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:23+00:00" custom_fields: wpbf_sidebar_position: "global" ---

# Disaster Recovery Services for Washington

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness:** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

--- --- title: "Disaster Recovery Services for Houghton-le-Spring" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-houghton-le-spring/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Houghton-le-Spring In an ever-evolving digital landscape, businesses in Houghton-le-Spring must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:21+00:00" custom_fields: wpbf_sidebar_position: "global" ---

# Disaster Recovery Services for Houghton-le-Spring

--- --- title: "Disaster Recovery Services for Ripon" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-ripon/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Ripon In an ever-evolving digital landscape, businesses in Ripon must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:20+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Ripon     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Disaster Recovery Services for Harrogate" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-harrogate/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Harrogate In an ever-evolving digital landscape, businesses in Harrogate must navigate a variety of threats that can disrupt operations and lead to significant financial losses. 
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:18+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Harrogate     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Disaster Recovery Services for Knaresborough" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-knaresborough/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Knaresborough In an ever-evolving digital landscape, businesses in Knaresborough must navigate a variety of threats that can disrupt operations and lead to significant financial losses. 
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:17+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Knaresborough     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Disaster Recovery Services for Leyburn" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-leyburn/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Leyburn In an ever-evolving digital landscape, businesses in Leyburn must navigate a variety of threats that can disrupt operations and lead to significant financial losses. 
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:15+00:00" custom_fields: wpbf_sidebar_position: "global" ---

# Disaster Recovery Services for Leyburn

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

--- --- title: "Disaster Recovery Services for Bedale" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-bedale/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Bedale In an ever-evolving digital landscape, businesses in Bedale must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:14+00:00" custom_fields: wpbf_sidebar_position: "global" ---

# Disaster Recovery Services for Bedale

--- --- title: "Disaster Recovery Services for Richmond" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-richmond/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Richmond In an ever-evolving digital landscape, businesses in Richmond must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:12+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Richmond

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[Start with a Free Conversation](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Catterick-Garrison"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-catterick-garrison/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Catterick-Garrison In an ever-evolving digital landscape, businesses in Catterick-Garrison must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:11+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Catterick-Garrison

---

---
title: "Disaster Recovery Services for Crook"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-crook/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Crook In an ever-evolving digital landscape, businesses in Crook must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:09+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Crook

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider. The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap. Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[Download the Free Checklist](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Disaster Recovery Services for Ferryhill" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-ferryhill/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Ferryhill In an ever-evolving digital landscape, businesses in Ferryhill must navigate a variety of threats that can disrupt operations and lead to significant financial losses. 
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:08+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Ferryhill
--- --- title: "Disaster Recovery Services for Shildon" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-shildon/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Shildon In an ever-evolving digital landscape, businesses in Shildon must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:06+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Shildon     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced. | Insurer question | What they are really testing | Why weak answers matter | | --- | --- | --- | | Is MFA required for all remote access? 
| Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters | | Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud | | Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations | | Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data | | Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery | | Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses | | Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums | | Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls | The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. ### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap. 
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Eaglescliffe"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-eaglescliffe/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Eaglescliffe In an ever-evolving digital landscape, businesses in Eaglescliffe must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:05+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Eaglescliffe

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process are evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.

Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Hartburn"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-hartburn/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Hartburn In an ever-evolving digital landscape, businesses in Hartburn must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:04+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Hartburn

---

---
title: "Disaster Recovery Services for Wynyard"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-wynyard/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Wynyard In an ever-evolving digital landscape, businesses in Wynyard must navigate a variety of threats that can disrupt operations and lead to significant financial losses.
At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:54:02+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Wynyard

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Disaster Recovery Services for Northallerton" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-northallerton/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Northallerton In an ever-evolving digital landscape, businesses in Northallerton must navigate a variety of threats that can disrupt operations and lead to significant financial losses. 
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:54:01+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Northallerton     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. ### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers: - A structured review against the questions insurers are currently asking - Gap identification across MFA, endpoint protection, backup testing, email security, and access controls - A plain-English summary that leadership can use directly with their broker or underwriter - Remediation support for any gaps identified, with clear ownership and timelines - Cyber Essentials certification support if that is appropriate for your situation If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation. [ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/) Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk) FAQs ## Frequently asked questions How far in advance should we start preparing for cyber insurance renewal? Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful. What happens if we answer honestly and admit gaps? Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation. Does having Cyber Essentials certification improve our renewal outcome? In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence. 
Our IT provider says everything is covered. Is that enough? It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself. What is the biggest mistake businesses make at renewal? Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true. Ready to get a clear answer ## Download the free checklist 47 readiness questions, built from real renewal forms. Use it before your insurer calls. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998. Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)   --- --- title: "Disaster Recovery Services for Spennymoor" url: "https://www.bondgate.co.uk/disaster-recovery-services-for-spennymoor/" lang: "en-GB" type: "page" description: "Disaster Recovery Services for Spennymoor In an ever-evolving digital landscape, businesses in Spennymoor must navigate a variety of threats that can disrupt operations and lead to significant financial losses. 
At Bondgate IT, we recognise the unique challenges your organisation faces" last_modified: "2024-10-24T11:53:59+00:00" custom_fields: wpbf_sidebar_position: "global" --- # Disaster Recovery Services for Spennymoor     Cyber Insurance Readiness # Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) ### In this guide - **01** [Why cyber insurers are asking harder questions](#why-harder) - **02** [Why this should not be a surprise](#why-no-surprise) - **03** [What renewal forms are asking now](#what-asking) - **04** [The questions that expose most gaps](#gaps) - **05** [Why evidence matters more than reassurance](#evidence) - **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials) - **07** [What to do before renewal lands](#before-renewal) - **08** [How Bondgate IT can help](#bondgate-help) - **09** [Frequently asked questions](#faqs) Renewal Pressure ## Why cyber insurers are asking harder questions Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit. Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack. The issue is not whether your organisation has an IT provider. 
The issue is whether your leadership team can stand behind the answers being given to the insurer. **Cyber insurance readiness** The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on. Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all. Context ## This tightening should not surprise any SME leader The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin. The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough. Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning. Change ## What renewal forms are asking now Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins. Analysis ## The questions that expose most gaps In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of. ### Backup testing The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both. ### MFA on cloud services The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available. ### End-of-life software A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy. **Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters. Trust ## Why evidence matters more than reassurance The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence. This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid. The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation. Update ## How Cyber Essentials v3.3 changes the baseline [Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point. **The key changes relevant to renewal readiness:** - MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data. - AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope. 
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale. - Director or owner sign-off is required before a Cyber Essentials submission is made. If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands. Action ## What to do before renewal lands The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise. **Practical steps to take before your renewal window:** - Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure. - For every answer that is not a clear Yes, identify the action needed and the person responsible. - Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily. - Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence. - If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step. - Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing. [ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download) Partnership ## How Bondgate IT can help Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve. 
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---

---
title: "Disaster Recovery Services for Sedgefield"
url: "https://www.bondgate.co.uk/disaster-recovery-services-for-sedgefield/"
lang: "en-GB"
type: "page"
description: "Disaster Recovery Services for Sedgefield In an ever-evolving digital landscape, businesses in Sedgefield must navigate a variety of threats that can disrupt operations and lead to significant financial losses. At Bondgate IT, we recognise the unique challenges your organisation faces"
last_modified: "2024-10-24T11:53:58+00:00"
custom_fields:
  wpbf_sidebar_position: "global"
---

# Disaster Recovery Services for Sedgefield

Cyber Insurance Readiness

# Cyber Insurance Renewal Checklist: 47 Questions That Could Increase Your Premium or Block Cover

Last updated: May 14, 2026 | By Damien Harrison, Operations and Marketing Director

Cyber insurance renewal forms are becoming more demanding. For many SMEs, the uncomfortable moment now comes when the insurer asks for evidence that basic security controls are genuinely in place.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

### In this guide

- **01** [Why cyber insurers are asking harder questions](#why-harder)
- **02** [Why this should not be a surprise](#why-no-surprise)
- **03** [What renewal forms are asking now](#what-asking)
- **04** [The questions that expose most gaps](#gaps)
- **05** [Why evidence matters more than reassurance](#evidence)
- **06** [How Cyber Essentials v3.3 changes the baseline](#cyber-essentials)
- **07** [What to do before renewal lands](#before-renewal)
- **08** [How Bondgate IT can help](#bondgate-help)
- **09** [Frequently asked questions](#faqs)

Renewal Pressure

## Why cyber insurers are asking harder questions

Cyber insurance used to feel like a financial safety net. For many SMEs, the renewal process now feels much closer to a cyber security audit.

Insurers are no longer satisfied with broad statements such as “we have antivirus”, “our IT company handles that”, or “we back everything up”. Renewal forms increasingly ask for detailed answers about how your systems are protected, who monitors them, how quickly you patch, whether staff are tested, and whether your backups would survive a ransomware attack.

The issue is not whether your organisation has an IT provider.
The issue is whether your leadership team can stand behind the answers being given to the insurer.

**Cyber insurance readiness**

The ability to answer an insurer’s security questions with confidence, evidence, and operational clarity before renewal paperwork lands. It is not the same as having cyber insurance. It is the work that makes cover easier to obtain, defend, and rely on.

Insurer forms are moving from promises to proof. If you answer “No”, “Partial”, or “Unsure” to key questions, that can affect your premium, cover limits, exclusions, or your ability to secure cover at all.

Context

## This tightening should not surprise any SME leader

The UK Government’s Cyber Security Breaches Survey 2025 showed that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. That is around 612,000 businesses. Phishing remains the most common form of attack by a clear margin.

The uncomfortable part is that phishing is getting harder to spot. AI tools mean fraudulent emails can now be grammatically clean, accurately branded, and written in the correct business context. The old advice about looking for spelling mistakes and odd formatting is no longer enough.

Insurers are responding to that reality. They want to know whether your organisation can prevent, detect, contain, and recover from common attacks. That means they are looking closely at MFA, endpoint monitoring, email security, backup testing, staff training, privileged access, and incident response planning.

Change

## What renewal forms are asking now

Recent renewal forms ask questions that reach across IT, finance, HR, operations, supplier management, and leadership governance. They do not simply ask whether you have security controls. They ask how those controls are configured, monitored, tested, and evidenced.

| Insurer question | What they are really testing | Why weak answers matter |
| --- | --- | --- |
| Is MFA required for all remote access? | Can attackers log in with stolen passwords? | No MFA on remote access is one of the clearest warning signs for underwriters |
| Is MFA required for cloud resources? | Are Microsoft 365, finance, HR, CRM, and file systems protected? | Cloud compromise is one of the fastest routes to data theft and invoice fraud |
| Is EDR deployed on all endpoints? | Can you detect and respond to active compromise? | Standard antivirus is no longer enough for many insurer expectations |
| Are backups air-gapped or immutable? | Could you recover if ransomware encrypted live systems? | Connected backups can be encrypted alongside live data |
| Do you test full restoration? | Do your backups actually work under pressure? | Untested backups create false confidence and delay recovery |
| Do you simulate phishing attacks? | Are people prepared for realistic social engineering? | Phishing is still the most common route into businesses |
| Do you have end-of-life software? | Are known weaknesses still present in the estate? | Unsupported software can create exclusions, remediation demands, or higher premiums |
| Do you verify payment changes through another channel? | Can your finance process resist invoice fraud and impersonation? | Financial fraud controls are often assessed separately from technical controls |

The pattern is clear. Cyber insurance is no longer there to compensate for weak cyber security. It increasingly expects evidence of strong cyber security before cover begins.

Analysis

## The questions that expose most gaps

In our experience working with North East businesses on cyber insurance readiness, certain questions consistently surface gaps that leadership was not aware of.

### Backup testing

The most common gap. Organisations that back up regularly often discover, under examination, that they have never tested a full restoration. Backing up and recovering are different things. Insurers now ask for both.

### MFA on cloud services

The second most common gap.
Many businesses have MFA on their main email account but have not extended it to finance platforms, HR systems, or newer SaaS tools. Under Cyber Essentials v3.3, MFA is mandatory on all cloud services where it is available.

### End-of-life software

A gap that often comes as a surprise. A machine running Windows 10 past its support date, or a server running an unsupported version of a database, can create an exclusion or a specific remediation demand in your policy.

**Privileged access controls** reveal governance gaps quickly. If the answer to “who has administrator access to your systems?” is “we are not sure” or “most of us”, that is a significant concern for underwriters.

Trust

## Why evidence matters more than reassurance

The shift underwriters have made is from accepting statements to requiring evidence. “We have antivirus” is a statement. A named EDR product, an active licence confirmation, and a monitoring process is evidence.

This matters because a claim at the point of an incident will be reviewed against the answers given at renewal. If you stated that backups were tested and they were not, that can affect whether a claim is paid.

The organisations that navigate renewal well are not necessarily the ones with perfect security. They are the ones who can answer clearly, consistently, and with supporting documentation.

Update

## How Cyber Essentials v3.3 changes the baseline

[Cyber Essentials v3.3](https://www.bondgate.co.uk/cyber-security/cyber-essentials/) came into force on 27 April 2026. It raises the baseline that many insurers are now using as a reference point.

**The key changes relevant to renewal readiness:**

- MFA is now mandatory on all cloud services where available. This includes Microsoft 365, file storage, finance platforms, and AI tools that process organisational data.
- AI tools such as Microsoft Copilot and similar products cannot be excluded from scope. If they process organisational data, they are in scope.
- The 14-day patching requirement now applies to any vulnerability scoring 7 or above on the CVSS v3 severity scale.
- Director or owner sign-off is required before a Cyber Essentials submission is made.

If your organisation holds Cyber Essentials certification, that certification may already be acting as positive evidence for your insurer. If it does not, now is a reasonable time to understand what gap analysis would reveal before renewal lands.

Action

## What to do before renewal lands

The businesses that find renewal straightforward are the ones that treat readiness as an ongoing operational state, not a form-filling exercise.

**Practical steps to take before your renewal window:**

- Work through the 47 questions in the checklist and mark honestly: Yes, Partial, No, or Unsure.
- For every answer that is not a clear Yes, identify the action needed and the person responsible.
- Prioritise MFA coverage, backup testing, and patching currency. These are the areas underwriters weight most heavily.
- Document what you have. A written policy, a recent test result, a named product with an active licence are all forms of evidence.
- If you have Cyber Essentials, confirm it is current. If you do not, consider whether a gap analysis would be a practical preparatory step.
- Speak to your IT provider before your broker. If your provider cannot give you clear answers to the questions in the checklist, that is itself a gap worth addressing.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Partnership

## How Bondgate IT can help

Bondgate IT has supported North East businesses through cyber insurance renewals, supplier security questionnaires, and Cyber Essentials certification since 1998. We hold ISO 27001 certification for our own operations, which means we operate to the same standard we help clients achieve.
Our cyber insurance readiness work typically covers:

- A structured review against the questions insurers are currently asking
- Gap identification across MFA, endpoint protection, backup testing, email security, and access controls
- A plain-English summary that leadership can use directly with their broker or underwriter
- Remediation support for any gaps identified, with clear ownership and timelines
- Cyber Essentials certification support if that is appropriate for your situation

If your renewal is approaching, or if you simply want to know where you stand before it does, the right place to start is a conversation.

[ Start with a Free Conversation ](https://outlook.office.com/book/ClientSuccessTeam@bondgate.co.uk/)

Call 01325 369 950 or visit [bondgate.co.uk](https://www.bondgate.co.uk)

FAQs

## Frequently asked questions

**How far in advance should we start preparing for cyber insurance renewal?**

Start at least 90 days before your renewal date. If gaps are identified, remediation takes time. Some actions, such as backup testing or MFA rollout, require scheduling and change management. Leaving it to the week before the form arrives removes your ability to address anything meaningful.

**What happens if we answer honestly and admit gaps?**

Honesty is the correct approach. Insurers are reviewing claims against the answers given at renewal. A gap identified before renewal can be remediated or disclosed with context. A gap discovered at claim stage, after a “Yes” was recorded, is a materially different situation.

**Does having Cyber Essentials certification improve our renewal outcome?**

In most cases, yes. Cyber Essentials demonstrates that the five foundational controls have been independently verified. Many insurers now reference Cyber Essentials explicitly in their renewal questions, and a current certificate provides documented evidence rather than a statement. If you do not hold the certification, a recent gap analysis can serve a similar purpose as preparatory evidence.

**Our IT provider says everything is covered. Is that enough?**

It depends on what “covered” means and whether there is evidence to support it. Insurers are asking for specifics: named products, tested processes, documented policies, and confirmation of MFA coverage across all relevant services. A reassurance from your IT provider is a starting point, not a final answer. You need to be able to stand behind the answers on the form yourself.

**What is the biggest mistake businesses make at renewal?**

Answering based on assumption rather than evidence. The most common scenario is a business that believes controls are in place because they pay for managed IT, but has never confirmed whether backups are tested, which accounts have MFA, or whether any end-of-life software is still running. The form asks what you know, not what you hope is true.

Ready to get a clear answer

## Download the free checklist

47 readiness questions, built from real renewal forms. Use it before your insurer calls.

[ Download the Free Checklist ](https://marketing.bondgate.co.uk/cyber-insurance-renewal-download)

Bondgate IT. ISO 27001 certified. Cyber Essentials certified. Serving North East businesses since 1998.

Phone: 01325 369 950 | Web: [bondgate.co.uk](https://www.bondgate.co.uk)

---