Home Services Medical Practices Veterinary Clinics Law Firms Construction & Trades Federal Contractors How We Work Results About Get Assessment

Our cyber insurance renewal is asking about MFA and EDR: what do we need?

By the Sentry Consulting Group team · Updated July 2026 · 5 min read

Cyber insurance used to be a short form and a check. Now the renewal application is a security questionnaire, and the answers you give are binding. For construction and trades companies, this catches a lot of owners off guard: the questions assume controls that generic IT support never put in place.

Why insurers started asking

Payouts for ransomware and wire fraud climbed, so insurers pushed the risk back onto policyholders. If you attest that you have a control and you don't, you can jeopardize coverage or complicate a claim depending on the policy language, and in construction, where a single fraudulent wire can be six figures, that's the exact scenario you bought the policy for.

Ransomware factored into roughly a quarter of breaches in Verizon's 2024 Data Breach Investigations Report and touched the large majority of industries, which is much of why insurers now scrutinize backups, EDR, and MFA so closely. (Verizon DBIR)

The controls a renewal usually asks about

What this means practically

Most contractors can answer "yes" honestly to all of these only once a managed IT provider has put the controls in place and can document them. The documentation is the part people underestimate; an insurer (or a claim adjuster later) may ask for evidence, not just a checkbox. A provider who maintains that evidence turns renewal season from a scramble into a form you fill out in an afternoon.

Part of our guide to IT for construction and trades companies in Northern Virginia. See how Sentry supports construction and trades, or book a free assessment.

Common questions.

What IT controls does cyber insurance require for contractors?

Renewals commonly require MFA on email and remote access, managed EDR, tested backups, email filtering, patch management, security-awareness training, and an incident response plan. The exact list varies by carrier, but MFA and EDR are near-universal.

What happens if we say we have a control that we don't?

It can affect your coverage. Cyber insurance applications are binding attestations, so answering inaccurately, even unintentionally, can jeopardize a payout depending on the policy language and the circumstances. It's worth having a provider confirm each answer is actually true before you sign.

Can a managed IT provider help with the insurance questionnaire?

Yes. Sentry maps each questionnaire item to a control in your environment, implements what's missing, and maintains the documentation an insurer or adjuster may ask for, which often turns a stressful renewal into a quick, accurate form.

Find out where your operations stand.

We will review your current environment, identify the gaps, and tell you exactly what it would take to bring your IT operations up to a disciplined, documented standard. If something is outside our scope, we will say so directly.

Schedule Your Free Assessment

No pressure, no obligation. Available to practices and businesses in the DC/MD/VA corridor.