When a Sligo solicitors' practice renewed their cyber insurance in late 2025, their broker's assessment lasted fifteen minutes and consisted of three questions — turnover, number of employees, and whether they had antivirus software. The policy cost €2,400 annually and the practice assumed they were covered. Eight months later, when a ransomware attack encrypted their client files and they filed a claim, the insurer denied it. The policy's warranty clause required MFA on all email accounts. The broker had never asked about MFA. The practice had never enabled it.
This scenario — a broker without cyber expertise placing an inadequate policy with a client who believes they are protected — is not unusual in Ireland. Cyber insurance is a specialist product. General business insurance brokers may not have the technical knowledge to assess whether a business's security controls match the policy terms they are selling.
What a Specialist Broker Does Differently
A cyber insurance broker with genuine expertise does not start with turnover and employee count. They start with your technology — what systems you run, how you access them, who has administrative rights, whether you have ever had an incident, and what controls you have in place to prevent one.
The questions that matter to a cyber underwriter — and that your broker should be relaying to you — are technical. They reflect the actual risk factors that determine whether a claim will be paid. If your broker is not asking these questions, they may be placing a policy without the information an underwriter needs to accurately price and scope your coverage. That creates a gap between what you believe you are covered for and what the policy actually provides.
The Data Protection Commission notes that many Irish businesses discover the limits of their cyber coverage only when they experience a breach — which is precisely the moment when it is too late to address the gap.[^1] A good broker identifies those gaps before the policy is signed, not after the claim is filed.
Has your cyber insurance broker ever asked about your MFA configuration, your patching schedule, or your incident response plan? Book a free 20-minute strategy call — we'll review your current cyber security posture and help you understand what an underwriter will actually want to know.
Questions Your Broker Should Be Asking
Multi-factor authentication is the first and most important question a cyber specialist broker asks. MFA on email accounts, cloud services, VPN access, and administrative interfaces is now a baseline requirement for most cyber policies. Many policies include warranty clauses that require MFA to be in place — meaning if you suffer an account takeover without MFA enabled, the claim can be denied regardless of what the marketing literature said. Your broker should ask specifically which accounts have MFA enabled, who manages the configuration, and whether any accounts with access to financial systems or sensitive data are excluded.
Endpoint protection is the second key area. Basic antivirus is no longer sufficient to satisfy underwriters who understand the threat landscape. Endpoint Detection and Response solutions — which monitor device behaviour rather than just matching known malware signatures — are increasingly expected. Your broker should ask whether you have EDR or traditional antivirus, whether it is managed or self-administered, and what your endpoint policy is for personal devices used for work.
Patch management is a question many brokers skip because it requires understanding what patching means. An underwriter wants to know how quickly critical security updates are applied to your systems. Policies frequently exclude claims arising from attacks that exploited vulnerabilities for which a patch had been available. Your broker should ask how often patches are applied, who is responsible, and whether any systems are running software that is no longer supported by its vendor. An Garda Síochána's National Cyber Crime Bureau has attributed a significant number of Irish ransomware incidents to exploitation of unpatched vulnerabilities.[^2]
Backup configuration is the question that determines whether ransomware is a recoverable event or a catastrophic one. Your broker should ask whether you have backups that are stored offline or in an air-gapped location, how frequently they are taken, and when they were last tested for restorability. A backup that is not regularly tested may not be restorable under pressure. Insurers covering ransomware losses increasingly require evidence of offline backups.
Incident response planning is relevant because insurers want to know whether you have a documented procedure for responding to a cyberattack. This is not about having a perfect plan — it is about demonstrating that you have thought through who does what, who contacts your insurer, who contacts the NCSC Ireland if required, and whether you have pre-approved vendors for forensic investigation and legal response.[^3] Your broker should ask whether a plan exists and whether it has been tested.
Previous incidents and known vulnerabilities must be disclosed fully and accurately. A policy can be voided if material information was withheld at inception. Your broker should ask specifically whether you have experienced any suspected breach, data loss, or security incident in the past three to five years, and whether you are currently aware of any unresolved security vulnerabilities in your systems.
What to Do If Your Broker Is Not Asking These Questions
The absence of these questions from your renewal conversation is a meaningful signal. It does not necessarily mean your broker is incompetent — they may simply be a general commercial insurance specialist who has not kept pace with how dramatically cyber insurance underwriting has changed since 2020. But it does mean you should take a more active role in the conversation.
Ask your broker directly what warranty clauses exist in your current or proposed policy. These are the conditions that must be met for coverage to apply. If they cannot explain your warranty clauses, ask for the policy wording and read section by section for the words "warranted," "condition," or "required." Each of these signals an obligation you must maintain.
Ask what the policy covers in relation to business email compromise — where an attacker impersonates a supplier or executive to divert payments. BEC fraud accounts for a significant proportion of Irish cyber losses, but some policies exclude it or treat it as crime rather than cyber, requiring a separate policy. The distinction matters enormously if you are a Donegal professional services firm or a construction business making regular supplier payments.
A cyber insurance policy that does not reflect your actual security posture is not protection — it is a bill you pay until you discover it does not cover you.
Three Steps for Your Next Renewal
These three steps will give you more confidence that your next cyber insurance renewal reflects your actual risk and coverage needs.
Before your broker calls, compile a simple document covering: which systems you use, whether MFA is enabled on email and cloud accounts, what backup arrangements you have, and whether you have an incident response procedure. This document becomes the basis for an honest conversation about coverage.
Ask your broker to walk you through the warranty clauses in the proposed policy. For each warranty — MFA, patching, backups — confirm whether you currently meet it and what evidence you would need to produce in the event of a claim.
Request that the broker provide you with a comparison of at least two policies from different insurers, with the key exclusions and warranties highlighted side by side. If your broker cannot do this, they are not providing specialist cyber advice. Engaging an independent cybersecurity advisor to review your policy terms before signing is worth the cost.
Related Reading
- Cyber Insurance Questionnaire: What Insurers Are Actually Asking
- Cyber Insurance Claims Denied: Three Irish SME Scenarios
- Why Your Cyber Insurance Won't Pay Out
[^1]: Data Protection Commission Ireland — Guidance on data breach management and insurance obligations: https://www.dataprotection.ie
[^2]: An Garda Síochána — National Cyber Crime Bureau guidance on cybercrime and ransomware prevention: https://www.garda.ie/en/crime/cyber-crime/
[^3]: NCSC Ireland — Incident response guidance for Irish organisations: https://www.ncsc.gov.ie/advice-for-organisations/
Pragmatic Security — Cybersecurity advisory for Irish businesses. Based in Donegal, Ireland. CISA, CISSP, CISM certified advisors.