The Unpaid Work You're Already Doing

It's February. Your phone rings. It's one of your MSP clients. "Hey, our insurance broker is asking about cyber coverage renewal, and they want a list of our security controls. Can you pull that together by Friday?"

You say yes. You know the answer because you built the stack: MFA is configured everywhere except some legacy apps. EDR is running on 95% of endpoints. Backups are tested quarterly. You've got the knowledge and the access.

Four to six hours later, you've compiled reports from Entra ID, pulled EDR status from your endpoint platform, gathered backup verification emails, and assembled a Word doc for the client to send to their broker. The client signs it. The broker submits it. Your client's policy renews.

You don't invoice for those hours.

This is the service gap for MSPs. You're already managing the security infrastructure. You're already maintaining the controls that carriers actually care about at renewal. But you're delivering that value without capturing it—because it's not packaged as a service, priced as a service, or positioned as a service.

Cyber insurance renewal prep is predictable, recurring, and directly tied to the infrastructure you already manage. It's also increasingly essential: 41% of first-time SMB cyber insurance applications are now rejected due to inadequate evidence. That number will only grow as carriers tighten underwriting. The question isn't whether you'll do this work. The question is whether you'll charge for it.

Key takeaways

  • Renewal prep is already being done inside many MSP relationships. It is just not always named, scoped, or billed properly.
  • The winning offer is not "we will fill out your insurance forms." It is "we will produce defensible technical evidence for the controls carriers keep asking about."
  • The most natural productization path runs through QBRs, not emergency renewal week.
  • MSPs should separate evidence work, remediation work, and final client attestation so the service stays profitable and defensible.

Why MSPs Are in the Best Position to Own This Work

Carriers keep asking about the same kinds of controls:

  • MFA
  • endpoint protection
  • backups and restore testing
  • email security
  • patching
  • incident response readiness
  • training
  • privileged access

Those are not abstract insurance topics. They are operational topics MSPs already touch.

The gap is not technical ownership. The gap is evidence packaging.

That is what creates the service opportunity. The MSP already has access to the systems of record. The broker needs clean evidence. The client needs help answering without overcommitting. The MSP is sitting in the middle of all three needs.


The Real Service: Producing Technical Evidence, Not Filling Out Forms

Do not position the offer as "we will answer the insurance application for you."

That drifts too quickly into legal, coverage, and attestation territory that should remain with the broker and the client.

A better positioning statement is:

"We produce the technical evidence package your broker needs to answer the form accurately."

That keeps the service inside a strong lane: technical verification, documentation support, evidence freshness, exception surfacing, and remediation recommendations. The client and broker still decide the final answer language and signing path.


The Business Opportunity: Why Renewal Prep Works as a Recurring Service

Before we talk about packaging, let's talk about why this works as a business model.

It's recurring. Every client with a cyber policy faces renewal every 12 months, usually in a 90-day window before expiration. You can predict the cash flow. You can staff it. You can build a process. The best revenue model is not one emergency project each year—it's an annual or quarterly evidence workflow that makes the renewal easier every time.

It's predictable in scope. The work isn't open-ended. A cyber insurance renewal packet has a fixed set of questions and required evidence types. You can estimate time and cost per engagement once you've done it three times.

It's sticky. Once you've been the person who assembled the renewal evidence and got the policy approved, you're the person the client calls next year. This isn't a one-time project. It's a retention tool disguised as a service.

It's high-margin leverage. Your cost is your time, plus optional tools. The value to the client is measured in policy approval, premium reduction, and elimination of the hassle that makes them want to hire another firm. Once you've automated parts of the process—using evidence connectors and white-label reports—your time investment per client drops while your pricing stays flat.

It addresses a growing problem. Carriers are rejecting SMB applications at historic rates. Carriers are raising premiums for clients with weak evidence. Carriers are demanding more granular control verification at renewal. This trend is structural, not cyclical. The market pain is real, and it's not going away.

The broker doesn't have technical access to your clients' infrastructure. The client doesn't have the technical knowledge to map their controls to carrier requirements. You have both. That's where the leverage is.

Why QBRs Are Where the Revenue Really Comes From

The systems are already open in your quarterly business reviews. The control conversation is already happening. The incremental move is to export the evidence while you're already in the console and keep it organized for renewal.

This is exactly the behavior described in the MSP workflow: use the quarterly review to collect reusable proof before the renewal email becomes urgent. The most natural recurring deliverables are:

  • quarterly outside-in readiness snapshot
  • quarterly MFA and identity evidence refresh
  • quarterly endpoint and backup evidence refresh
  • policy/document refresh where needed
  • renewal packet assembly when the market asks

That creates a service the client can understand: operational evidence maintenance, not just annual scramble help.


Defining the Service: Three Tiers of Renewal Prep

You don't have to choose between one-size-fits-all or infinite customization. Instead, define three tiers that map to client complexity and your time investment.

Tier 1: External Readiness Check

Scope: Run a domain scan. Deliver a readiness scorecard. Flag critical blockers.

Deliverables:

  • DMARC, SPF, DKIM configuration status
  • Domain expiration and registrar verification
  • SSL certificate validity
  • Known breach status (Have I Been Pwned, Dehashed)
  • Readiness scorecard (pass/warning/fail by category)
  • Executive summary with blockers and quick wins

Effort: 1–2 hours per client (mostly tool-driven)

When to use it: Clients with simple infrastructure, or early-stage discovery when you're not sure if full renewal prep is needed

Positioning: "We're running a quick external audit before renewal season. This tells us what carriers will see from the outside and what we should fix before submission."

Tools required: The free /scan, plus 30 minutes of analysis and summary writing

Typical pricing: $200–$500 per scan (or bundle 3–5 scans into a quarterly "renewal readiness" package)

Tier 2: Evidence Collection & Assembly

Scope: Pull technical reports from the platforms you already manage. Format them. Organize them. Make them submission-ready.

Deliverables:

  • MFA/SSO configuration report (from Entra ID, Okta, or Duo)
  • Endpoint detection & response evidence (agent count, last 90-day incident summary)
  • Backup verification (last successful backup date per system, RPO/RTO documentation)
  • Patch management status (Windows Update, third-party patching)
  • Incident response plan (templated if needed; you fill in client-specific details)
  • Evidence packet: organized folder structure, formatted for carrier submission
  • Readiness checklist (what we have, what we don't have yet)

Effort: 4–8 hours per client, depending on platform count and documentation gaps

When to use it: Most clients, especially those with 50–500 seats where the control set is substantial but not Byzantine

Positioning: "We're packaging the security evidence you already have into a format your broker can submit. This accelerates approval and often improves your premium."

Tools required: /guides for export instructions, /dashboard/connectors for automated evidence pull (if available for the client's platforms), /dashboard/evidence to track collected items

Typical pricing: $1,200–$3,000 per client, annual. (Or $150–$250 per engagement if you're using this as a once-per-renewal service.)

Tier 3: Full Renewal Support

Scope: Everything in Tier 2, plus supplement decoding, control mapping, gap analysis, and broker coordination.

Deliverables:

  • Complete supplement review: breakdown of every question, mapping to evidence you have or need
  • Control ledger: 15 key controls mapped to client infrastructure and to carrier requirements
  • Evidence collection plan: what we have, what we need, where to get it
  • Gap remediation: template responses for gaps, or recommendations for quick fixes before submission
  • White-label readiness report: branded with your MSP logo and messaging, showing control status and evidence links
  • Broker coordination: work directly with the broker to answer technical questions during underwriting
  • Renewal tracking: calendar reminders for future years, control maintenance roadmap

Effort: 12–20 hours per client, spread over 4–8 weeks

When to use it: Larger clients, complex control requirements, high-value policies, or clients who have had prior renewal problems

Positioning: "We're taking ownership of your cyber insurance readiness. From supplement to signature, we're the technical partner who ensures the evidence is right and the approval is fast."

Tools required: The full BindLedger stack—/dashboard/clients for multi-client management, /dashboard/connectors for automated evidence, /guides for platform-specific exports, white-label reports (if on Scale tier)

Typical pricing: $3,500–$8,000 per client, annual. (Or $2,500–$4,500 per engagement if variable.) Can also be priced as a percentage of policy premium: 3–5% of annual premium is common for high-touch consulting.


How to Price: Frameworks That Work

Don't try to price based on hours. Your clients don't care how long it takes; they care about the outcome (approval, lower premium, faster renewal).

Framework 1: Per-Client Annual Fee

Charge one flat price per client per year for renewal prep. Scope is fixed (Tier 2 or Tier 3). You do the work on whatever timeline the client needs within the renewal window. You handle updates and follow-ups as part of the package.

Example: $2,000/year per client for Tier 2 evidence collection. You do the work in the 60 days before renewal.

Pros: Predictable cash flow. Clients know the cost upfront. Easy to forecast revenue.

Cons: You eat overages on complicated clients. You need to define scope tightly.

Framework 2: Per-Engagement Fee

Charge when renewal actually happens. Tier 1 is $400, Tier 2 is $1,500, Tier 3 is $5,000. The client only pays in their renewal year.

Example: A client's policy renews in March. You run Tier 2, invoice $1,500, get paid before renewal.

Pros: No one pays twice for the same year. Simple, transactional. Clients see the service at the moment they need it.

Cons: Lumpy revenue. Hard to forecast. Clients may shop around for each renewal.

Framework 3: Percentage of Premium

Charge 3–5% of the annual policy premium as your renewal prep fee.

Example: Client's cyber policy premium is $2,000/year. You charge $100/month ($1,200/year) for Tier 3 support.

Pros: Your fee scales with client risk (higher premium = more complex evidence usually needed). Aligns your incentive with the client's insurance outcome.

Cons: Requires access to policy documents. Creates incentive to upsell higher-tier service. Some clients resist "percentage of premium" models.

Framework 4: Service Tier + Per-Engagement Add-On

Charge a low annual fee ($300–$600/year) for access to your renewal prep process, then charge per engagement (Tier 2 = $1,000, Tier 3 = $2,500) when renewal happens.

Example: "Renewal Readiness Plan, $400/year. When your policy comes up for renewal, we'll run a full evidence collection (Tier 2, $1,200) at renewal time."

Pros: Retains client relationship during off-cycle months. Creates visibility of the service year-round. Smooths cash flow.

Cons: Requires ongoing communication. Per-engagement fees can create friction at renewal if the client forgot about it.

What to avoid:

  • Don't price below $300 for any tier. You're solving a high-stakes problem. Underpricing trains clients (and your market) to see this as cheap.
  • Don't include unlimited revisions or broker calls. Define "included" clearly. "Two rounds of revisions, three broker touchpoints" is specific. "We'll keep working until your broker is happy" is a time sink.
  • Don't price the same for all clients. A 15-person firm and a 500-person firm need different evidence complexity. Adjust.

Positioning: What You're Really Selling

Don't market this as "cyber insurance help." That's too generic and doesn't differentiate you from brokers or consultants.

Instead, position it as renewal readiness or attestation verification.

"We manage your security stack. We also document it in a format that carriers actually need. That's how you get faster approval and better rates."

Use this language:

  • Renewal readiness check (instead of "insurance audit")
  • Attestation verification (instead of "compliance check")
  • Control ledger (instead of "control documentation")
  • Evidence packet (instead of "insurance file")

This language connects the service to the infrastructure work you already do. It also makes clear that you're not doing compliance consulting or legal advice—you're documenting technical reality.

How to Position It to Clients and Brokers

The simplest client-facing pitch is usually the strongest:

"You already pay us to help run the controls. This service makes those controls provable when your cyber renewal comes due."

The simplest broker-facing pitch is similar:

"We can deliver a clean technical evidence package faster because we already operate the systems the carrier keeps asking about."

That positioning does two things at once: it keeps the MSP in a high-value technical lane, and it makes the service relevant to both the insured and the distribution channel.

The QBR Angle

Don't let this be a once-a-year service. Integrate the control ledger into your quarterly business reviews with clients.

Every quarter, show them the status of the 15 controls you've defined for their renewal. Not just "here's what you have," but "here's what changed this quarter, here's what we fixed, here's what your carrier cares about."

This does three things:

  1. It makes the renewal prep service visible year-round, not just in the renewal window.
  2. It creates conversation hooks for upselling security services (if MFA is weak, you discuss MFA projects; if backup is failing, you discuss backup infrastructure improvements).
  3. It builds the evidence incrementally, so when renewal actually happens, you're not scrambling—you've been collecting it all year.

The Upsell Path Most MSPs Miss

Renewal evidence work naturally exposes remediation work. That is one of the biggest commercial advantages in the whole category.

A weak evidence packet often surfaces one of four things:

  • MFA is incomplete
  • DMARC is still weak
  • backup testing is not current
  • or documentation is missing or stale

Those are not just renewal blockers. They are service opportunities.

The clean way to handle them is to split the commercial conversation into two lanes:

Lane 1: Evidence Work. Export, document, package, explain.

Lane 2: Remediation Work. Deploy, harden, test, tune, and monitor.

That separation makes the offer clearer and makes margin easier to protect. It also prevents the client from assuming that every remediation project is included in the renewal support fee.

What to Bill Separately

This is where a lot of MSP margin disappears. These should usually be separate line items or separate scopes:

  • Remediation projects (MFA modernization, DMARC hardening, backup architecture changes)
  • Major policy rewrites
  • Identity redesign
  • Email-security hardening
  • Major broker meeting support
  • Emergency turnaround inside short deadlines

The recurring service should monetize the evidence lifecycle. The deeper engineering work should remain separately scoped.


The MSP Liability Angle: Why Structure Matters

There's a second reason to package this service beyond the revenue. Liability.

Let's say you manage the MFA at a client. Your client attests to the carrier: "We have multi-factor authentication on all remote access." But MFA is only configured for VPN access, not RDP. Six months into the policy, the client gets ransomware via RDP. The claim gets denied because the attestation was false.

Where's the blast radius?

  • The client is in breach of the insurance contract
  • The broker recommended the policy and may be held liable for underwriting failure
  • You implemented MFA but didn't document its scope. If the client claims you told them it covered everything, you're now in the liability story.

Structured evidence collection protects you because it creates a documented record of what you actually implemented and what you didn't. The control ledger becomes your defense: "Here is what we documented in February. The client and broker both saw it. It said MFA covered VPN but not RDP."

This isn't about being defensive. It's about being precise. Attestations are legal instruments now. You shouldn't be part of crafting them without rigor.

For deeper context on this risk, see MSP Liability in Cyber Insurance Attestation.

Four Guardrails That Keep the Service Defensible

A profitable service still needs operational guardrails:

Guardrail 1: Do not sign for the client. The MSP can produce evidence. The client and broker still own final attestation and coverage decisions.

Guardrail 2: Document freshness rules. A quarterly export is not automatically valid forever. Make freshness part of the service so the client understands why the work recurs.

Guardrail 3: Keep evidence client-specific. Reusable workflow is good. Reused evidence across different clients is not. Every packet should remain tied to the insured, the systems, and the dates involved.

Guardrail 4: Make exceptions visible. If MFA excludes a workflow or backup testing is overdue, surface it. The service should make the truth easier to understand, not easier to blur.
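
One way to enforce guardrails 2 through 4 on a control ledger before a packet leaves the MSP, shown as an added example (not code from the article or from any product it mentions). The 90-day freshness window, the field names, and the client names and dates are all assumptions constructed for illustration; the MFA entry mirrors the VPN-but-not-RDP case described earlier.

```python
from dataclasses import dataclass
from datetime import date

MAX_AGE_DAYS = 90  # assumption: evidence older than one quarter counts as stale


@dataclass(frozen=True)
class Evidence:
    client: str             # insured this export belongs to
    control: str            # e.g. "MFA", "Backups"
    source: str             # system of record the export came from
    exported_on: date
    covers: tuple           # what the control was verified on
    exceptions: tuple = ()  # what it was verified NOT to cover


def review_packet(client, items, required, as_of):
    """Return (kind, control, detail) findings for one client's packet."""
    findings, seen = [], set()
    for ev in items:
        # Guardrail 3: evidence from another client never counts.
        if ev.client != client:
            findings.append(("reject", ev.control, f"export belongs to {ev.client}"))
            continue
        seen.add(ev.control)
        # Guardrail 2: freshness is measured against the review date.
        age = (as_of - ev.exported_on).days
        if age > MAX_AGE_DAYS:
            findings.append(
                ("stale", ev.control, f"{age} days old, re-export from {ev.source}"))
        # Guardrail 4: every known exclusion is listed, never dropped.
        for exc in ev.exceptions:
            findings.append(("exception", ev.control, exc))
    # A required control with no usable evidence is reported, not assumed.
    for control in required:
        if control not in seen:
            findings.append(("missing", control, "no client-specific evidence on file"))
    return findings


# Constructed sample ledger (hypothetical clients, dates and scopes).
REQUIRED = ("MFA", "EDR", "Backups", "Email security")
AS_OF = date(2025, 2, 20)
PACKET = [
    Evidence("Acme Dental", "MFA", "Entra ID", date(2025, 2, 10),
             covers=("VPN",), exceptions=("RDP is not behind MFA",)),
    Evidence("Acme Dental", "Backups", "Veeam", date(2024, 9, 1),
             covers=("file server restore test",)),
    Evidence("Other Client LLC", "EDR", "CrowdStrike", date(2025, 2, 1),
             covers=("all endpoints",)),
]

if __name__ == "__main__":
    for kind, control, detail in review_packet("Acme Dental", PACKET, REQUIRED, AS_OF):
        print(f"{kind:<9} {control:<15} {detail}")
```

The findings list is what goes in front of the client and broker alongside the packet; it records scope and gaps and leaves the final answer wording to them.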


Tools That Make This Scalable

You don't have to build any of this from scratch. The right tooling is what turns this from a high-effort service into a repeatable, scalable one.

A good operational stack for this service includes:

Evidence Connectors

Manual evidence collection is a time sink. Connectors that auto-pull from M365, Entra ID, Okta, Duo, Veeam, CrowdStrike, or SentinelOne mean you're not waiting on clients to export files or typing data into forms. You connect, you pull, you go.

Collection Guides

Step-by-step export instructions for 30+ platforms. When you need evidence from a platform your team hasn't used before—or when your client is on a vendor you didn't expect—guides accelerate the collection process.

White-Label Reports

If you're managing Tier 3 engagements, the deliverable should look like it came from your MSP, not from a third-party tool. A white-label readiness report branded with your logo and messaging turns the tool output into your intellectual property.

Control Ledger

The ledger is the record. Who owns each control? What's the status? What evidence do we have? What do we still need? The ledger is what you show the client in the QBR, what you submit to the broker, and what you archive for your own liability defense.

This isn't product marketing. It's the workflow you need to operate at scale.


Putting It Together: A Typical Renewal Engagement

Here's what a Tier 2 engagement looks like in practice:

Month 1 (Planning)

  • Client tells you: "Renewal is in 90 days."
  • You send them the renewal readiness scope document and timeline
  • You create a new project in your multi-client workspace
  • You pull their carrier's supplement and map it to your standard control list

Month 1–2 (Collection)

  • You connect evidence connectors to pull MFA config, EDR status, backup verification
  • You request platform-specific exports: patch management reports, incident response plan
  • You review the evidence, spot gaps: "We have backup logs but no RPO/RTO docs." You create a template for the client to fill in.
  • You organize everything into a folder structure your broker can navigate

Month 2–3 (Assembly)

  • You review everything one more time for accuracy and completeness
  • You write a one-page readiness summary: what we have, what carriers will ask about, what we flagged
  • You send the packet to the client; they review it and send it to the broker
  • Broker asks one clarification question. You answer it directly. Done.

Total time: 5–7 hours. You invoice $1,500–$2,000. Client gets policy approved in 30 days instead of the standard 60–90. Broker never has to chase the client for docs.

Next year, you do it again. Same scope, similar time, recurring revenue.


Getting Started: Three Steps

Step 1: Define your tiers. Decide what Tier 1, 2, and 3 mean for your business. How much time are you willing to spend? What's your bandwidth? What's the going rate in your market?

Step 2: Price it. Pick a framework (annual fee, per-engagement, percentage, or hybrid). Run the math. What's your cost per hour? What margin do you need? Set a price.

Step 3: Launch with your easiest clients. Find 2–3 clients with straightforward infrastructure, upcoming renewals, and good relationships. Use them as pilots. You'll refine the process, get testimonials, and learn where the bottlenecks are.

Tools like evidence connectors and white-label reports can come later, once you've proven the service works.


The Bottom Line

You're already managing the controls that carriers need at renewal. You already have the access and the knowledge. The gap isn't technical—it's packaging.

By bundling renewal prep into a defined service with clear scope, tiers, and pricing, you turn unpaid hours into predictable recurring revenue. You improve client outcomes (faster approval, better rates). You reduce your own liability (documented evidence instead of informal attestations).

And you build a service that gets easier to deliver every year, not harder.

MSPs do not need another random add-on. They need services that fit the work they already do, deepen client dependence, create clearer upsell paths, and improve renewal season instead of destroying it. Cyber insurance evidence fits that pattern unusually well. It sits close to existing managed services. It exposes real remediation opportunities. It gives brokers a reason to trust the MSP more. And it turns a recurring annual pain point into a named service with scope and margin.

That is a real revenue line, not a theoretical one.


Next Steps

Ready to see the workflow in action? See the MSP workflow →

Need the platform-specific exports that make the service real? Open the evidence guides →
