Week Ahead: What's Coming on The Small Business Cyber Security Guy


Sunday 12 April 2026

Right. It’s been a full week. Let me recap what we covered and tell you what’s coming.

This Week: The Cyber Insurance Series

Episode 15 of The Small Business Cyber Security Guy launched Monday, with Mauven MacLeod, Graham Falkner, and myself working through how UK cyber policies actually work, why claims get denied, and what to do about it. If you have not listened yet, it is on all the podcast platforms now.

The week’s blog content expanded on every major theme from the episode:

Monday: You Bought Cyber Insurance. Congratulations. Now Read the Bloody Small Print. The overview. What the Insurance Act 2015 actually means, why £197 million in UK claims paid in 2024 does not tell the whole story, and three things to do this week.

Tuesday: The Proposal Form That’s Building a Landmine Under Your Business. Graham Falkner’s deep-dive on the five questions that kill the most UK claims, why optimism on the form is a structural problem, and what to do if your answers and your reality have drifted apart.

Wednesday: The War Exclusion in Your Cyber Policy. Mauven MacLeod on Lloyd’s Market Bulletin Y5381, what the state-backed cyber exclusion actually says, why the NotPetya precedent matters, and the three questions to put to your broker.

Thursday: Six Controls That Stand Between You and a Denied Cyber Claim. Graham’s practical checklist. Exactly what “in place” means for MFA, backups, patching, account hygiene, logging, and incident response. With the evidence you need to keep.

Friday: MFA on the Firewall, Not the Servers. Lucy Harper’s case study on the UK business whose policy was voided because MFA existed on the VPN but not on the servers where the breach occurred. Why this is not a rare edge case.

Saturday: Your Insurer Isn’t Betting On Your Security. They’re Betting You Can’t Prove It. My view on the real incentive structure behind claims investigation, and why the gap between having controls and being able to document them is where most of the damage happens.

The complete week is a reading list you can hand to any business owner who thinks their cyber insurance is sorted.

The Three Actions You Should Have Taken This Week

If you read nothing else from this week, take these three actions:

1. Pull your proposal form. Find it, read it, and for every security-related question ask whether you can prove the answer is accurate today.

2. Check your MFA coverage. Not just the main VPN. Every remote access path. Every user. Dated documentation of the enrollment status.

3. Write one page. Who you call, who authorises decisions, who talks to customers, and the insurer’s emergency number. Print it. Put it somewhere physical.


What’s Coming Next Week

Next week we are moving on to a topic that generates more questions than almost anything else I cover: the Microsoft 365 threat landscape as it actually stands in 2026.

Not the theoretical risks. The specific attack patterns that are being used against UK SMBs right now. Business email compromise. Token theft that bypasses MFA. The techniques that are making “we have Microsoft 365 with MFA” a less complete answer than it used to be.

Episode 16 launches Monday. If you are not subscribed to the podcast, subscribe now so you do not miss it.

And if this week’s content on cyber insurance was useful, please share it. The businesses that most need to read it are the ones least likely to find it on their own.

