What SMBs should collect before a cyber-insurance renewal, including MFA, endpoint protection, backups, incident response, vendor access, and security training evidence.