Cybersecurity · July 1, 2026 · 8 min read

Cyber Insurance Is Getting Stricter: What Milwaukee Businesses Should Fix Before Renewal

Cyber insurance questionnaires are asking for proof now. Before renewal, make sure your MFA, backups, endpoint protection, patching, and incident response plan match what you are about to submit.

A client called me in March with a cyber insurance renewal questionnaire that was twelve pages long. Two years earlier, the same carrier had approved them with a short form and a phone call. This time they wanted proof.

Screenshots of MFA. Confirmation that backups were tested. A written patching process. The name of the person who would call the insurance carrier if something went wrong.

He asked me, half joking, whether the insurance company had started acting like an auditor.

Pretty much, yes.

That shift is not random, and it is not limited to one carrier. IBM's 2025 Cost of a Data Breach Report puts the average ransomware-related breach cost at $5.08 million and the average U.S. breach cost at $10.22 million. Healthcare breaches averaged $7.42 million. Those are national numbers, not what every Milwaukee small business should expect to lose, but they explain why carriers are asking harder questions.

Insurers spent years approving cyber policies based mostly on self-attestation. Now they want to know whether the controls on the application are actually in place. Some industry summaries report sharp premium increases, failed assessments, and denied claims when controls do not match the application. I would treat those secondary numbers as directional, not gospel. The practical point is simple: the old "yes, we have security" answer is not enough anymore.

If your renewal is coming up, the best time to find gaps is before your broker sends the questionnaire.

Cyber insurance renewals are less about checking a box now. Carriers increasingly want proof that the controls are actually in place.

Key Takeaways

  • Cyber insurance renewals are asking for more proof, especially around MFA, backups, endpoint protection, patching, and incident response.
  • The biggest risk is not just being denied coverage. It is submitting answers that do not match the real environment and facing claim scrutiny later.
  • Milwaukee businesses should review their security controls before the broker sends the renewal questionnaire, not after.
  • A pre-renewal IT review usually takes far less time than fixing gaps under pressure from the carrier.

What changed in the last couple of years

| Area | Older renewals | Current renewals |
|---|---|---|
| Application format | Short form, mostly yes/no answers | Longer technical questionnaire, often asking for proof |
| MFA | "Do you use MFA?" | MFA by system: email, VPN, admin accounts, remote access, finance apps |
| Antivirus | Basic antivirus often counted | Many forms now ask about EDR or managed endpoint protection |
| Backups | "Do you have backups?" | Backup type, retention, immutability, and last restore test |
| Patching | General software updates | Written cadence, especially for critical vulnerabilities |
| Incident response | Rarely discussed | Named contacts, carrier notification steps, and a written plan |
| Claims review | Application taken mostly at face value | More scrutiny when the answers do not match the environment |

The uncomfortable part is not just getting denied coverage. The worse outcome is getting approved, paying the premium, and then learning after an incident that the claim is being questioned because the controls on the application were not actually in place.

That is why this should be treated as both an insurance task and an IT task.

The controls carriers care about most

Every carrier asks questions a little differently, but the same controls keep showing up: MFA, endpoint protection, backups, patching, admin access, and incident response.

MFA on more than email

Microsoft 365 MFA is a good start. It is not the whole job.

Carriers often ask about MFA for remote access, VPNs, admin accounts, cloud apps, accounting systems, and sometimes line-of-business software. A company can have MFA enabled for email and still have a serious gap if the firewall, remote desktop tool, or billing platform can be accessed with only a password.

If you are not sure where MFA is enabled, do not guess. Make a list of the systems your business depends on and check each one.

Backups that survive ransomware

A backup is only useful if it can be restored. A backup that sits on the same network as everything else may get encrypted during the same ransomware event.

That is why renewal forms increasingly ask about immutable or offline backups, retention, and restore testing. "The backup job is green" is not the same as "we restored the accounting database last month and confirmed it worked."

For Milwaukee businesses using Microsoft 365, this also includes email, OneDrive, SharePoint, and Teams data. Many owners assume Microsoft 365 backup works like a full business recovery system. It does not, at least not by default.

A pre-renewal checklist should be practical: verify MFA, test restores, review endpoint protection, check patching, and document who does what during an incident.

EDR instead of basic antivirus

Traditional antivirus looks for known bad files. EDR, or Endpoint Detection and Response, watches behavior on the machine and gives someone a way to investigate and respond.

That difference matters on insurance forms. A business may think "we have Defender" answers the question, but the carrier may be asking whether endpoint protection is monitored, managed, and capable of detecting suspicious behavior. The wording matters.

Patching on a schedule

"We update when someone remembers" is not a patch policy.

Most questionnaires want to know how quickly critical updates are applied and whether someone is responsible for tracking them. Thirty days for critical vulnerabilities is a common expectation, but the exact number depends on the carrier and the system.

This gets tricky for businesses running old estimating software, medical software, accounting add-ons, or industry-specific tools that have not been updated in years. Those systems need to be documented instead of ignored.

Admin access that is not shared

Every admin account increases the damage a stolen password can do. Shared admin accounts are even worse because nobody can tell who used them.

Before renewal, review who has local admin rights, who has Microsoft 365 admin rights, who can access backups, and who can make firewall or remote access changes. If the answer is "we think it is just a few people," that needs to become an actual list.

An incident response plan someone has read

A useful incident response plan does not need to be a 40-page binder. For a small business, it should answer basic questions:

  • Who calls the cyber insurance carrier?
  • Who calls the IT provider?
  • Who has authority to shut down systems?
  • Who talks to employees, clients, or vendors?
  • Where are emergency contacts stored if email is down?
  • What should staff do in the first hour?

The plan only helps if the right people know it exists.

What this can cost if you wait

| Scenario | What to expect |
|---|---|
| Pre-renewal security review | Usually a few hours of IT time for a small business |
| Well-controlled $1M standalone cyber policy | Some market estimates put this around $1,500 per year, depending heavily on industry, revenue, and controls |
| Weak controls at renewal | Higher premium, reduced coverage, extra conditions, or delays |
| U.S. data breach average | IBM reports $10.22 million for 2025 |
| Ransomware-related breach average | IBM reports $5.08 million for 2025 |
| Controls misrepresented on the application | Claim scrutiny and possible coverage problems |

The exact premium depends on your business, revenue, industry, claims history, and carrier. A ten-person accounting firm and a medical clinic are not underwritten the same way.

But the basic math is still clear. A few hours of pre-renewal cleanup is cheaper than scrambling after the questionnaire arrives. It is much cheaper than finding out after a breach that the application answers were not accurate.

The Milwaukee angle

I see this problem most often in the same kinds of local businesses: law firms, accounting practices, medical offices, contractors, manufacturers, and professional services firms.

They usually have sensitive data, but their IT setup grew in pieces. A Microsoft 365 tenant here. A firewall there. A backup product someone installed years ago. A line-of-business app that only one person understands. None of that is unusual. It is how small business IT tends to grow.

The problem is that cyber insurance questionnaires do not care how reasonable the history is. They ask what is true today.

  • Do you have MFA everywhere it matters?
  • Can you prove your backups restore?
  • Are endpoints monitored?
  • Are critical patches tracked?
  • Do you know who has admin access?
  • Do you have a plan if systems are locked up on a Monday morning?

If the answer is "probably," that is the gap to fix before renewal.

What to do before your broker sends the form

Start with a simple pre-renewal review:

  1. List the systems that hold business data: Microsoft 365, file shares, accounting software, CRM, practice management software, remote access tools, and backup systems.
  2. Confirm MFA on email, admin accounts, remote access, and finance-related systems.
  3. Check that endpoint protection is installed, current, and monitored.
  4. Review backup status and perform a real restore test.
  5. Document the patching schedule for servers, workstations, firewalls, and key software.
  6. Review admin accounts and remove old or shared access.
  7. Write down the first 24 hours of your incident response process.

This does not have to be dramatic. It just has to be honest.
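One way to turn the review above into a list of concrete gaps, shown as an added example (not code from Powerful IT Systems or any carrier). The inventory, field names, admin list, and the 90-day restore-test window are assumptions constructed for illustration; the 30-day figure is the common expectation for critical updates mentioned earlier.

```python
from datetime import date

# Constructed sample inventory; systems and field names are hypothetical.
INVENTORY = [
    {"system": "Microsoft 365", "category": "email", "mfa": True,
     "backed_up": True, "last_restore_test": date(2026, 5, 20),
     "oldest_open_critical": None},
    {"system": "Firewall VPN", "category": "remote_access", "mfa": False,
     "backed_up": False, "last_restore_test": None,
     "oldest_open_critical": date(2026, 4, 2)},
    {"system": "Accounting server", "category": "finance", "mfa": True,
     "backed_up": True, "last_restore_test": date(2025, 11, 3),
     "oldest_open_critical": date(2026, 6, 15)},
]
# Constructed admin list: account name -> people who can sign in with it.
ADMINS = {"m365-admin-jane": ["jane"], "fw-admin": ["jane", "bob", "vendor"]}

MFA_REQUIRED = {"email", "admin", "remote_access", "finance"}  # step 2
PATCH_SLA_DAYS = 30        # the article's "thirty days for critical" figure
RESTORE_MAX_AGE_DAYS = 90  # assumption: restore tested at least quarterly


def find_gaps(inventory, admins, today):
    """Return (item, control, reason) tuples for every unproven control."""
    gaps = []
    for s in inventory:
        name = s["system"]
        if s["category"] in MFA_REQUIRED and not s["mfa"]:
            gaps.append((name, "mfa", "reachable with only a password"))
        if s["backed_up"]:
            tested = s["last_restore_test"]
            if tested is None:
                gaps.append((name, "backup", "no restore test on record"))
            elif (today - tested).days > RESTORE_MAX_AGE_DAYS:
                age = (today - tested).days
                gaps.append((name, "backup", f"last restore test {age} days ago"))
        opened = s["oldest_open_critical"]
        if opened is not None and (today - opened).days > PATCH_SLA_DAYS:
            age = (today - opened).days
            gaps.append((name, "patching", f"critical update open {age} days"))
    for account, holders in admins.items():
        if len(holders) > 1:  # shared account: nobody can tell who used it
            gaps.append((account, "admin", f"shared by {len(holders)} people"))
    return gaps


if __name__ == "__main__":
    for item, control, reason in find_gaps(INVENTORY, ADMINS, date(2026, 7, 1)):
        print(f"{control:9} {item:18} {reason}")
```

Each row it reports is an answer that is still "probably" rather than something you can show the carrier.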

Powerful IT Systems helps Milwaukee-area businesses review these exact controls before renewal: MFA coverage, endpoint protection, backup restore testing, patch status, admin access, and incident response documentation. If your renewal is coming up, it is better to find the gaps now than under pressure from the carrier.

Sources

Some cyber insurance statistics published by aggregators and MSP marketing sites report higher denial rates, assessment failure rates, and premium increases. Those figures are useful for understanding the direction of the market, but I would not treat them the same way as primary reports from IBM, Verizon, CISA, or carrier-issued claims reports.

Nazar Loshniv, Founder & CEO of Powerful IT Systems

Powerful IT Systems · Sussex, WI

Master's degree in Computer Science with 15+ years of hands-on IT experience serving Milwaukee-area businesses.
