Insights for commercial business owners.

Cyber-insurance-defensibility, MDR / SOC, MFA, ring-fencing, immutable backups, and the managed IT controls 10-25 person commercial businesses need to pass renewal questionnaires the first time and defend claims when an incident happens. Practical guidance from the TDS-IS analyst desk for manufacturing, engineering, professional services, and healthcare-adjacent operators.

Complete Guides
Pillar Guide

How do you make your IT cyber-insurance defensible? A 2026 guide for commercial businesses.

Carriers now refuse to renew or pay claims when MFA, MDR, ring-fencing, immutable backups, and IR plans are missing or undocumented. The complete eight-control walkthrough, the three-audience defensibility test, and the 90-day path from where you are today to renewal-ready.

Read Guide
Deep Dives
Claim Denial

Why do cyber insurance claims get denied? The top 5 reasons in 2026.

Misrepresentation, war exclusions, failure to maintain stated controls, late notice, and out-of-policy vendors. The five denial mechanics, the cases behind them, and the defensibility evidence that prevents each.

 Detection & Response

What is the difference between MDR, SOC, EDR, and SIEM, and which one does cyber insurance actually want?

Cyber insurance applications ask about MDR, SOC, EDR, and SIEM as if they are interchangeable. They are not. The four-term comparison, where each fits, and what carriers really want to see.

 MFA

What MFA does cyber insurance require in 2026?

Phishing-resistant factors, where carriers expect enforcement, the attestation gaps that trigger denials, and how to prove MFA enforcement to your underwriter through Conditional Access exports and SIEM correlation.

 Cyber Insurance

What does "cyber-insurance defensible" actually mean?

Defensibility is more than checking boxes on an application. The three-audience test (underwriter, IR forensics, claims adjuster), how defensibility differs from "secure," and the five-question self-test you can run today.