If you have been declined for cyber insurance or handed a remediation list, the path back to being insurable is to close the specific controls insurers flag — MFA, tested backups, patching, and a documented incident response plan — typically in 2–4 weeks. For an Irish business, address the controls your insurer named, in priority order, then reapply with documentation in the format insurers expect.
Half of Irish SMEs have been refused cyber insurance or given a remediation list they don't know how to action. We close the gaps insurers care about — MFA, backups, patching, incident response — typically in 2–4 weeks.
Why Insurers Are Saying No
Since 2023, Irish cyber insurers have dramatically tightened their requirements. Controls that were "nice to have" are now mandatory. The most common reasons for decline:
No MFA on email or remote access
Microsoft data shows MFA blocks 99.9% of automated attacks. Insurers know this — it's now non-negotiable.
No tested backup strategy
Untested backups are as good as no backups. Insurers want proof your data can be restored.
Unpatched systems
Known vulnerabilities left unpatched are the easiest attack vector — and the easiest reason to decline.
No incident response plan
Insurers want to know you can contain a breach quickly — not just react in panic.
What We Fix — And How Fast
We address the specific controls your insurer flagged, in priority order, so you can reapply as quickly as possible.
Multi-Factor Authentication (MFA)
The #1 reason insurers decline applications. We implement MFA across email, VPN, admin accounts, and cloud services — typically in under a week.
Backup & Recovery
Insurers want tested, immutable, offline backups. We design and verify a backup strategy that satisfies even the strictest underwriters.
Patch Management
Unpatched systems are an automatic red flag. We set up automated patching for OS, applications, and firmware with compliance reporting.
Incident Response Plan
Most insurers now require a documented, tested IR plan. We create one tailored to your business and run a tabletop exercise to prove it works.
Frequently Asked Questions
Why was my cyber insurance application declined?
The most common reasons are: no multi-factor authentication (MFA) on email and remote access, no tested backup strategy, unpatched systems, no documented incident response plan, and lack of employee security awareness training. Insurers have tightened requirements significantly since 2023 — controls that were optional two years ago are now mandatory for approval.
How long does remediation take?
Most Irish SMEs can address the critical gaps in 2–4 weeks. MFA deployment typically takes 3–5 days. Backup improvements take 1–2 weeks. An incident response plan can be drafted and tested within a week. We prioritise the specific controls your insurer flagged so you can reapply as quickly as possible.
How much does it cost to fix insurance gaps?
For most SMEs (10–100 employees), remediation costs between €3,000 and €8,000 depending on the gaps. This is a fraction of the average cyber incident cost for an Irish SME (€35,000–€65,000) and typically pays for itself through lower premiums within the first year. Many of these controls are also eligible for Enterprise Ireland or LEO cybersecurity grants.
Will fixing these gaps guarantee I get insured?
While we cannot guarantee any insurer's decision, we have a strong track record of helping businesses meet underwriter requirements. We address the specific controls your insurer flagged and provide documentation that demonstrates compliance. We also help you present your security posture in the format insurers expect to see.
Can I use a government grant to pay for remediation?
Yes. Enterprise Ireland's Cyber Security Review grant covers up to €3,000 for eligible businesses. LEO Trading Online Vouchers can cover some digital security improvements. The NCSC Remediation Grant may also apply. Use our free Grants Checker at www.pragmaticsecurity.ie/grants-checker to see what you qualify for.