Cyber Insurance Readiness UK with Protrona
Protrona produces the evidence pack underwriters accept, closes the exclusion traps and introduces you to our broker partner, New Dawn Risk, for a reduced premium term.
New Dawn Risk is our premium cyber insurance partner: a cyber-specialist broker with A-rated capacity, FCA authorised in the UK and MFSA regulated in the EU. They place policies through their A-rated insurer panel.
For your CFO
-
Cyber insurance premiums rose by up to 109% in 2021 alone, meaning many organisations saw costs more than double year-on-year (InsuranceToday - Cyber Premiums Rising). The spike relaxed briefly in 2025, but insurers tightened underwriting again for 2026. Your CFO has every right to be concerned about that. To ease their mind: the only sustainable way to control premium cost is to reduce risk noticeably. At renewal, that means a pentest, MFA enforcement, and EDR deployment, all evidence that the underwriter can verify. This is what Protrona can provide.
For your CISO
-
Cyber insurance is getting tougher. With tighter underwriting and new regulations like DORA and NIS2, scrutiny is rising. In fact, 56% of CISOs say they’ve had a claim denied in the past year. Often, it comes down to one issue: no proof security controls were working at the time of the breach. A Protrona penetration test with verified remediation provides the evidence insurers expect, so your policy holds up when it counts.
For your IT Director
-
Modern cyber insurance supplementals go far beyond basic forms, asking detailed questions on areas like MFA coverage, EDR deployment, patching timelines, backup testing, and incident response readiness.
If these are answered inaccurately, insurers may later void a policy after a breach under misrepresentation clauses. At Protrona, we ensure everything is in place, so that when the time comes you can answer accurately and are adequately set up.
For your Risk Manager
-
The Protrona Evidence Pack ensures exclusions do not swallow your claim: war exclusions (Lloyd's mandate since 2023), social engineering carve-outs, supply chain sublimits, and known vulnerability exclusions. The average UK policy has 12 to 15 exclusion categories. Most buyers do not read them until a claim is filed. Protrona’s evidence pack closes the exclusions you can close and surfaces the ones you cannot, so nothing is a surprise.
Checks are run before your application is read. Ensure you are ready.
Underwriters carry out automated checks on your environment before they even review your application, scanning for exposed ports, weak email protections like missing DMARC, unpatched external services, and compromised credentials on the dark web. Your answers need to align with what they see. When they don’t, premiums increase. Most organisations never know what data was checked or how they were assessed. Protrona’s readiness services replicate the insurer’s external view, validate it against your declared security posture, and close any gaps before your broker submits your application.
Cut your Premium with these controls and Services
-
Security Awareness and Phishing Testing
Evidence Needed: Training completion and click rate
What proof you need from this: Training evidence, phishing metrics
Protrona Service: Phishing simulation service
How this changes your premium: Unlocks social engineering control-linked endorsement
-
Privileged Access Management
Evidence Needed: PAM inventory and attestation
What proof you need from this: AD security report, privilege audit
Protrona Service: Active Directory security assessment
How this changes your premium: Reduces escalation risk pricing
-
Patch management SLA
Evidence Needed: Vulnerability management report
What proof you need from this: VM report, patch SLA dashboard
Protrona Service: Continuous pentesting and patch verification
How this changes your premium: Removes known vulnerability exclusion (prior knowledge trap)
-
IR plan tested in last 12 months
Evidence Needed: Tabletop exercise report
What proof you need from this: IR plan, tabletop outcome, RACI
Protrona Service: IR retainer and tabletop service
How this changes your premium: Improves BI sublimit; qualifies for Beazley style optional controls discount
-
EDR coverage across all endpoints
Evidence Needed: Deployment rollout and telemetry evidence
What proof you need from this: Coverage report, endpoint inventory
Protrona Service: Managed detection and response service
How this changes your premium: 97.5 percent lower claim severity
-
Cyber Essentials Plus certification
Evidence Needed: Active CE Plus certificate (IASME issued)
What proof you need from this: CE Plus certificate (Protrona is certification body)
Protrona Service: Cyber Essentials Plus delivery as certification body
How this changes your premium: 80 percent fewer claims (UK Gov); free £25k IASME cover on SME schemes
-
Penetration Test
Evidence Needed: Penetration test report and scoring
What proof you need from this: report, executive summary, remediation plan
Protrona Service: Pen testing
How this changes your premium: Unlocks standard capacity
-
MFA on remote and admin access
Evidence Needed: Configuration audit and attestation
What proof you need from this: MFA coverage report, exception register
Protrona Service: Internal network pentest + AD password audit
How this changes your premium: 30 to 50 percent loading removed; ransomware cover restored
How Underwriters Translate Cyber Risk into Coverage
Every coverage decision comes down to one question: Can you prove your controls?
Cyber insurance is evaluated line by line, rather than holistically.
Underwriters map your security controls against specific coverage areas, and where evidence is missing, exclusions are applied.
The framework below shows exactly how each major coverage area is assessed, and how validated controls from Protrona, placed through New Dawn Risk (NDR), translate into stronger policy outcomes.
In simpler terms, if a control cannot be evidenced, the associated coverage is often restricted or excluded.
1. Prevention Controls
(Controls that determine if an attack succeeds)
a. Ransomware & Extortion
Underwriters expect: MFA, EDR, tested backups, IR readiness
Protrona validates via: Penetration testing, MDR, IR retainer
Outcome (via NDR): Ransomware cover reinstated to primary layer
b. Cybercrime & Social Engineering
Underwriters expect: Phishing testing, BEC controls, payment verification
Protrona validates via: Phishing simulation, vishing and smishing testing
Outcome (via NDR): Social engineering carve out (where endorsable)
2. Response & Crisis Management
(Controls that determine how well you handle a breach)
a. Crisis Management & Notification
Underwriters expect: Tested IR plans, 48–72-hour reporting capability
Protrona validates via: IR tabletop exercises, response retainers
Outcome (via NDR): Reporting deadline exclusion closed
b. Security & Privacy Liability (Breach Response)
Underwriters expect: Access control, data classification, encryption
Protrona validates via: Pentest, PAM audit, configuration
Outcome (via NDR): Third party liability sublimit
3. Recovery & Operational Resilience
(Controls that determine financial loss after an incident)
a. Business Interruption
Underwriters expect: Validated RPO/RTO, tested backup recovery capability
Protrona validates via: Red team BCP test, Backup restore testing
Outcome (via NDR): Business interruption limits strengthened and negotiated upward
b. System & Data Restoration
Underwriters expect: Log retention, forensic readiness
Protrona validates via: IR retainer, SOC and MDR
Outcome (via NDR): Forensic investigation cover improved
4. Evidence, Liability & Regulatory Defence
(Controls that determine whether claims are paid)
a. Regulatory Response
Underwriters expect: ICO ready documentation, DPIA records
Protrona validates via: GDPR advisory + CE Plus + pentest
Outcome (via NDR): Regulatory defence sublimit increased
b. Security & Privacy Liability (Legal Exposure)
Underwriters expect: Strong governance, data protection controls
Protrona validates via: Configuration audits, access control validation
Outcome (via NDR): Broader third-party liability positioning
c. Prior Acts & Known Vulnerabilities
Underwriters expect: Remediation verified pentest (closed loop)
Protrona validates via: CREST-aligned pentesting with closed-loop remediation
Outcome (via NDR): Prior knowledge clauses neutralised
5. Insider Risk & Access Control
(Controls that address internal threats)
a. Employee Dishonesty & Insider Risk
Underwriters expect: Access reviews, privileged account monitoring
Protrona validates via: Active Directory assessment, SOC
Outcome (via NDR): Insider exclusions narrowed
6. Structural Exclusions & Residual Risk
(Risks that cannot be fully transferred)
a. War & Nation-State Events
Underwriters expect: Structural exclusion
Protrona + NDR provide: Forensic attribution support if disputed
Outcome (via NDR): Reduced ambiguity at claim stage and stronger positioning in disputed scenarios
Lower Your Cyber Insurance Premium
At renewal, insurers aren’t just reviewing your policy; they’re also reassessing your risk.
It’s simple – the clearer the evidence, the lower your premium.
With Protrona + New Dawn Risk
When controls are tested and evidenced, underwriters gain confidence.
-
Lower premiums (typically 10–40%)
-
Lower excess levels
-
Stronger limits, fewer sublimits
-
Exclusions reduced or removed
-
Faster, smoother renewals
-
Stronger claim outcomes
Without Evidence
When controls are declared but not validated, underwriters assume higher risk.
-
Higher premiums
-
Higher excess
-
Restricted cover and sublimits
-
Broad exclusions
-
Tougher renewals
-
Greater chance of claim disputes or rejection (up to 44%)
The Commercial Impact
• A 10–20% saving at renewal can often cover the cost of readiness
• Your evidence remains valid for 12 months and can be used with any broker
• New Dawn Risk uses this evidence to negotiate better terms on your behalf
Cyber Essentials Plus: The Certification Insurers Value
Cyber Essentials Plus is a UK government-backed certification that demonstrates your security controls are not just in place but also independently tested. For insurers, that means one thing: reduced uncertainty.
Why it matters for insurance
Cyber Essentials Plus gives underwriters a recognised, independent view of your security posture. Instead of relying on self-declared controls, they can trust that key protections such as access control, patching, and malware defence have been properly validated. This reduces the need for additional questioning, speeds up underwriting decisions, and strengthens your position when negotiating coverage and premiums.

Key Benefits
-
Insurance Recognition
Certification provides clear, external validation that underwriters can rely on.
-
Built-In Cover for SMEs
Eligible UK organisations (under £20M turnover) can receive up to £25,000 of cyber liability insurance at no additional cost, providing a useful baseline level of protection alongside certification.
-
Fewer Claims
Organisations with Cyber Essentials controls experience significantly fewer cyber incidents, improving insurer confidence.
-
Accessible for SMEs
A practical, cost-effective way to demonstrate security maturity without heavy investment.
How Protrona Supports You
Protrona ensures you are fully prepared to pass and benefit from Cyber Essentials Plus:
-
Aligning your environment to assessment requirements
-
Identifying and fixing gaps before audit
-
Ensuring certification translates into real insurance advantage
Evidence that underwriters can act on: What your Broker Receives
Most cyber insurance applications rely on forms and declarations, but this doesn’t.
Your Evidence Pack turns your security posture into clear, structured proof, packaged specifically for brokers and underwriters to review, price, and place risk with confidence.
This way, rather than telling underwriters what you have, you can prove it to them.
What's included?
Penetration Test Report (CREST-aligned)
Executive and technical findings that demonstrate real-world resilience, not just assumed security.
Cyber Essentials Plus Certificate
Independent validation of core controls, recognised and trusted by insurers.
Incident Response Plan & Testing Record
Documented response capability, including evidence of recent tabletop exercises.
Control Validation Register
A clear record of key controls (MFA, EDR, backups, patching) with proof of implementation and testing.
Exclusion Register
A transparent view of where exclusions apply, where they’ve been removed, and any remaining residual risk.
Board-Level Summary
A concise, decision-ready overview for leadership and underwriters, aligned to governance expectations.
Your Renewal Journey
A clear, structured process designed to move you from assessment to improved cover with minimal disruption to your team.
Typical timeline: 4 to 8 weeks
(Condensed timelines available for urgent renewals)
Step 1 - Discovery
A short initial call to understand your current policy, renewal timing, and priorities
Step 2 - Readiness Review
We assess your environment against insurer expectations and identify gaps that impact premium and coverage.
Step 3 - Evidence Build
Key controls are tested, validated, and documented, including penetration testing, certification readiness, and response capabilities.
Step 4 - Evidence Pack Delivery
Your insurer-ready evidence pack is produced, clearly structured for underwriting review.
Step 5 - Placement & Renewal
New Dawn Risk uses your evidence to present your risk effectively and negotiate improved terms at renewal.
Who is this for?
Mid-Market Organisations
(250–2,500 employees)
For businesses with complex environments, rising premiums, and increasing underwriter scrutiny.
Best for teams needing clear evidence, stronger coverage, and board-level visibility
The Regulated Sectors.
Financial services, healthcare, legal, and professional services facing strict compliance and reporting requirements.
Ideal where insurance, regulation, and audit expectations overlap
Organisations Approaching Renewal
(60–180 days out)
For businesses seeing rising premiums, tighter terms, or more detailed underwriting questions.
Designed to improve your position before submission, rather than after.
SMEs Certified with Cyber Essentials Plus
For smaller organisations looking to strengthen both certification value and insurance outcomes.
Helps convert certification into real coverage and pricing advantages.
Common Cyber Insurance Exclusions: The Traps that Lead to Rejected Claims
Some exclusions can be reduced with evidence, but others can’t.

Prior Knowledge & Unpatched Issues
A vulnerability is identified but not fixed, and is later exploited.
-
Why Claims Fail
Insurers argue the risk was already known and not addressed.
-
How this is Managed
Verified remediation and retesting before submission ensures issues are closed, not just identified.
Business Email Compromise (BEC) & Social Engineering
An attacker impersonates a senior figure and authorises a fraudulent payment.
-
Why Claims Fail
Often excluded unless a specific social engineering endorsement is in place.
-
How this is Managed
Phishing testing and payment controls strengthen eligibility for cover and favourable terms.
Supply Chain & Third-Party Risk
A vendor is compromised, disrupting your operations.
-
Why Claims Fail
Policies may cover interruption but exclude incidents where your systems weren’t directly breached.
-
How this is Managed
Supplier risk visibility and onboarding controls help support broader coverage positioning.
War & Nation-State Activity
State-backed cyber incidents are typically excluded across the market.
-
Why Claims Fail
This is a structural exclusion, and evidence does not remove it.
-
How this is Managed
Clear documentation and forensic support help distinguish criminal vs state activity in disputed cases.
Reduce Your Cyber Insurance Premium
Every improvement we deliver maps directly to what underwriters look for.
We focus on the areas that change coverage, reduce exclusions, and lower premium.
Penetration Testing
Identifies and verifies real-world vulnerabilities, with remediation confirmed.
Start Improving Your Position and move from generic security spend to targeted insurance outcomes.
Start with a clear view of your risk and coverage.
The biggest improvements in coverage and cost happen before your renewal is submitted. We help you identify what matters, validate your controls, and present your risk in a way underwriters trust.
Start with a readiness assessment
Understand where your current position impacts premium, exclusions, and coverage.
Speak to a specialist.
Get a clear view of what your renewal could look like with the right evidence in place.
FAQs
-
What is cyber insurance and do I need it?
Cyber insurance protects businesses against financial losses from events like ransomware, data breaches, and business interruption.
For most organisations that depend on digital systems or work with partners who require it, it’s now a standard part of risk management. It doesn’t replace security; it covers the residual risk after controls are in place.
-
How much does cyber insurance cost in the UK?
Costs vary widely depending on size, sector, and risk profile.
Mid-market organisations typically see premiums ranging from £8,000 to £50,000+, with higher-risk sectors paying significantly more. Demonstrating strong, validated controls is one of the most effective ways to reduce this.
-
What are the minimum security requirements for cyber insurance?
Most insurers expect a baseline including:
• Multi-factor authentication (MFA)
• Endpoint protection (EDR/AV)
• Patch management
• Secure backups
• Access control
However, it’s not just about having controls; it’s about proving they are in place and effective.
-
Can penetration testing reduce cyber insurance premiums?
Yes, when combined with remediation and validation.
A standalone test has limited impact, but evidence of identified vulnerabilities being fixed and retested can:
• Improve underwriter confidence
• Reduce exclusions
• Support better pricing at renewal
-
Why are cyber insurance claims denied?
Most claims are not denied because of the attack, but because of policy conditions and exclusions.
Common reasons include:
• Known vulnerabilities not remediated
• Missing or misconfigured controls (e.g. MFA)
• Failure to meet declared security standards
• Lack of evidence at claim stage
-
What does cyber insurance typically exclude?
Common exclusions include:
• Prior known vulnerabilities
• Social engineering (without specific endorsement)
• Supplier or third-party incidents (in some cases)
• War and nation-state activity
Some of these can be reduced with evidence; others are structural.
-
What is the prior knowledge exclusion?
This applies when a vulnerability was known before the policy and not resolved.
If that vulnerability is later exploited, the insurer may deny the claim entirely.
Closing this gap requires verified remediation and retesting, not just identification.
-
Do small businesses need cyber insurance?
Yes, SMEs are frequently targeted and often have fewer resources to recover from an incident. Many contracts now also require cyber insurance as a condition of doing business.
-
Is Protrona an insurance broker?
No. Protrona provides security validation and evidence.
New Dawn Risk (NDR) is our partner cyber insurance broker who handles insurance placement and negotiation, ensuring your validated controls are reflected in your policy terms.
-
How does the New Dawn Risk partnership work?
Protrona prepares and validates your security posture.
New Dawn Risk uses that evidence to:
- Present your risk to underwriters
- Negotiate improved coverage and pricing
- Place your policy in the appropriate markets
Together, this ensures your security investment translates into insurance outcomes.
-
Will our existing broker accept this evidence?
Yes. The Evidence Pack is designed for underwriter consumption, not tied to a specific broker.
It can be used by New Dawn Risk, your existing broker or any other broker.