Don’t let the wrong IT partner cost you more than just money. Here’s exactly what to look for.

What IT do conveyancing solicitors need to get and keep cyber insurance?

What IT do conveyancing solicitors need to get and keep cyber insurance?

Categories:
Published: 15th July 2026

To get and keep cyber insurance, conveyancing solicitors now need a baseline of IT controls: multi-factor authentication on every account, managed endpoint protection, tested and isolated backups, managed email security, prompt patching, staff training and a written incident plan. Insurers increasingly ask for these on the proposal form and will decline, load the premium, or refuse a claim if they are missing. Meeting them is part of managed IT that usually costs about £45 to £100 per user per month, and it both lowers your risk and makes you insurable.

Because conveyancers handle large client-account payments and sensitive data, they are exactly the kind of practice insurers scrutinise. For a Bishop’s Stortford practice, getting these controls in place, and being able to evidence them honestly, is now part of doing business. Here is what insurers look for.

Multi-factor authentication everywhere

MFA is the single control insurers ask about most, especially on email, remote access and any administrative account. It is the most effective defence against the stolen-password attacks that lead to most claims, and many insurers simply will not offer cover without it. Switching it on across the practice is usually the first thing to fix.

Managed endpoint protection and patching

Insurers expect modern, managed endpoint protection that watches for suspicious behaviour, not just an old anti-virus, together with prompt patching of Windows and your applications. Unpatched software is one of the most common ways attackers get in, so being able to show that updates are applied quickly and consistently matters on the proposal form.

Tested, isolated backups

Backups that an attacker cannot reach, and that you have actually test-restored, are central to both insurability and recovery. They are what let you decline a ransom and recover cleanly, and insurers increasingly ask whether backups are isolated and tested rather than simply present.

Email security, training and an incident plan

Managed email security to stop phishing, regular staff awareness training, and a written incident-response plan all feature on modern proposal forms. Together they show the insurer that you reduce the chance of an incident and could respond properly if one happened, which is exactly what they are pricing.

Cyber Essentials helps

Working towards Cyber Essentials is a practical way to cover most of what insurers ask for, and some insurers offer better terms or simpler applications to certified practices. It gives you a recognised standard to work to and a certificate that answers many proposal-form questions in one go.

Answer the proposal form honestly

It is vital that what you declare on the proposal form is actually true, because a claim can be refused if the controls you claimed were not really in place. This is where having a managed IT partner matters: the controls are genuinely implemented and maintained, so you can complete the form accurately and rely on the cover when you need it.

What good looks like

Done well, insurance renewal becomes straightforward. The controls insurers ask about are all in place and maintained, the evidence exists, and the proposal form can be completed quickly and truthfully, often with better terms because the practice is genuinely lower risk. You are insurable, the premium reflects real protection, and a claim would stand up.

Done badly, practices discover at renewal that they no longer qualify, or worse, find a claim challenged because a declared control was not actually working. Both are avoidable. Getting the foundations right once, and keeping them current, turns cyber insurance from a worry into a box that is genuinely ticked.

Where to start

If renewal is approaching, do not wait for the proposal form to find your gaps. A short review against what insurers now ask for, multi-factor authentication everywhere, managed endpoint protection, tested isolated backups, email security, patching, staff training and an incident plan, tells you exactly where you stand and what to fix first. Working towards Cyber Essentials at the same time covers most of the same ground and gives you a certificate to point to. Get these in place and kept current, and the next renewal becomes a quick, honest form rather than an anxious one, often on better terms because the practice is genuinely lower risk.

Why conveyancing solicitors choose First Stop IT

First Stop IT has supported businesses since 2002, including conveyancing solicitors and high-street practices, and we know the software you run every day: LEAP, Oyez forms, eSigner, BigHand, Sage Payroll, PTP and Xero, alongside Microsoft 365. We support conveyancing solicitors in Harlow, Bishop’s Stortford, Sawbridgeworth, London and across Essex and Hertfordshire. Our credentials include:

  • Cyber Essentials Certified
  • IASME Cyber Assurance (Gold)
  • NCSC Assured Service Provider (Cyber Advisor for Cyber Essentials)
  • Microsoft Partner
  • Crown Commercial Service Supplier (G-Cloud)
  • Quality Principles Certified

We look after more than 2,000 endpoints across 50 companies, we have been named a Top 50 UK MSP for three years running, and we support organisations with 10 to 100 employees across Essex, Hertfordshire and London, including Harlow and Bishop’s Stortford.

Book a free IT and cyber security review

Want this set up properly for your practice? Book a free IT and cyber security review with First Stop IT.