Cyber Risk Intelligence  ◆  London

Is your cyber insurance
actually valid?

Most UK firms assume yes. The evidence from 2025 says otherwise. Three threats. All fixable. Here's exactly where you stand.

Check if your claim would pay out → See the 2025 attack data ↓
Most Urgent

Your cyber insurance
may already be void.

One unsupported device voids your entire claim — not reduces it. Voids it. Windows 10 reached end of life October 2025. Every machine still running it is a live warranty breach — today.

Poor patching is treated the same way. If critical updates aren't applied within 14 days and evidenced, your policy's "reasonable care" clause is breached.

If ransomware hits, your M365 or Google Workspace sync copies the destruction instantly. 56% of firms have no independent backup — and don't know it until recovery fails.

Good news — most firms we work with are fully clean in under 3 weeks.

◆ Claim Integrity Audit

Would your insurer pay out?

UK insurers conduct forensic audits after a breach. Check the four technical warranties they look for first.

Universal MFA Enforcement
Active on all cloud accounts and remote access
Verified 14-Day Patch Cycle
Critical updates applied and evidenced within 14 days
No End-of-Life Devices
Zero machines running Windows 10 or Server 2012
Off-Site Evidence Logging
Security logs stored outside your primary environment
100%
Claim Rejection Probability
Policy Integrity Failure
Your current IT posture provides the insurer with multiple legal 'outs'. You are paying for a policy that is statistically likely to be rejected during a post-breach forensic audit.
2025 Reality

What actually happened to
UK businesses last year.

8.58MReported Cyber Incidents
204Major Business Incidents
£10,830Average Loss per Incident
Ransomware Growth vs Prior Year
19,000UK Firms Hit by Ransomware

The firms we audited in Q4 2025 fixed 87% of these risks in under 3 weeks.

The £10,830 average is a floor, not a ceiling. For mid-size professional services firms, direct recovery typically runs £40,000–£120,000 once forensics, staff overtime, and system rebuild are included — before legal costs or regulatory fines.

What would 8 hours of downtime actually cost your firm? Most businesses dramatically underestimate the real number. Enter your revenue and payroll to find out in 30 seconds.

Use the calculator →
April 2026 Deadline

It used to be "tell us."
From April 2026, it's "show us."

From April 2026, self-declaration is replaced by evidenced controls. Most firms holding CE today will need to update their posture — and firms being asked to show CE for new contracts or tenders face a significantly more demanding process.

Until April 2026

Tell us you've
done it.

Self-assessment questionnaire — no independent verification
Declaration-based: firms confirm they meet five control categories
No requirement to produce logs, configuration records, or audit trails
Cloud and SaaS services often excluded from scope by default
Gaps are common and undiscovered until a breach occurs
From April 2026 — CE v3.3

Show us you've
done it.

All cloud and SaaS platforms formally in scope — no exclusions
14-day patching must be evidenced, not declared
MFA enforced across 100% of cloud systems with documented proof
Device inventory must account for every endpoint accessing business data
Application allow-listing controls must be demonstrable on request

The firms we audited in Q4 2025 fixed 87% of these gaps in under 3 weeks. CE v3.3 readiness is achievable — it just needs to be approached in the right order.

◆ CE2026 Readiness Check — Preview

Are all cloud and SaaS platforms formally included within your Cyber Essentials scope?

This is Step 1 of 10. The full assessment scores your readiness across all CE v3.3 control areas and produces an executive risk summary.

Take the full CE2026 assessment →
BOOM  ◆  London

Find out where
you actually stand.

No jargon. No pressure. We come to you, review your infrastructure against all three risk areas, and give you a plain-English written report — usually within 48 hours.

Get your free exposure report — 15 minutes →

Or call us: 020 8342 5010