Cyber Insurance Industry Mandating Stronger MFA
Cyber insurance has become a vital component of the risk management framework, providing a hedge against financial losses stemming from cyberattacks. However, these policies have become more expensive and difficult to obtain due to an explosion of new digital threats. One of the many ways underwriters are attempting to balance their risk is by making multifactor authentication (MFA) a mandatory requirement for coverage.
Business changes since the pandemic have contributed to increased volatility in cyber insurance markets. While the ongoing transition to digital technologies brings a wealth of business benefits, it also creates a much larger attack surface. Triple-digit increases in ransomware and other forms of cybercrime since 2020 have had a punishing impact on insurers.
Analysis from Fitch Ratings shows that cyber insurance claims rose by about 100 percent in each of the past three years, while claims payments grew by 200 percent annually over the same period. Loss ratios (paid claims divided by premiums collected) increased to about 80 percent, according to a report in the Harvard Business Review.
Insurers Incentivize Stronger Protections
Faced with bigger losses and tighter margins, insurers have naturally responded by hiking prices. Cyber insurance premiums increased by 79 percent in 2022, according to Marsh’s Global Insurance Market Index. In addition, insurers are raising deductibles, reducing coverage limits and being more selective about who they will cover.
There’s a growing sense among insurers that businesses are too reliant on insurance for protection instead of investing in robust risk management strategies. According to ransomware research from Sophos, organizations with cyber insurance are more than twice as likely to pay ransoms as those without. To discourage payments and encourage policyholders to improve their security posture, most insurers now require those seeking coverage to demonstrate they have implemented MFA and other strong protections.
MFA solutions help prevent unauthorized access to applications, systems and services by reducing reliance on passwords and unsafe password practices. MFA requires a combination of verification factors, such as a password or PIN along with a security token, mobile app or biometric identifier.
While it is superior to traditional username-and-password verification, MFA isn’t foolproof. Secondary verification factors typically involve having a unique code sent to your mobile device or email. Because these techniques require human involvement, they are susceptible to account takeover through phishing and man-in-the-middle attacks. Some experts contend that more than 90 percent of MFA solutions are “phishable.”
Get an Assist with Modernization
Some insurers are already requiring potential clients to implement a stronger form of authentication based on FIDO/WebAuthn authentication standards. Known as phishing-resistant MFA, it offers stronger protection by replacing passwords with hardware-based keys using cryptographic protocols. The Cybersecurity and Infrastructure Security Agency calls this the “gold standard for MFA.”
It works by essentially turning a user’s smartphone into a security key. When a user registers with a website or service, the device generates a passkey: a unique cryptographic key pair consisting of a public key registered with the website or app being accessed and a private key stored on the user’s device. Even if hackers breach a site’s passkey server, they can’t access the user account without the private key.
The benefit of this approach is that it removes the human element — the device handles the entire authentication process. Users just have to sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face or typing in a device PIN.
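The registration and sign-in flow described above, as an added Node.js example that is not code from this article, GDS or Cisco Duo. It is a simplified model of a WebAuthn-style ceremony (real authenticator data also carries flags and a signature counter); the class names, the user name and both `example` origins are constructed for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
// Authenticator (the phone): one private key per site ID (rpId); keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this reaches the site
  }
  // The browser, not the user, supplies the origin of the page asking for a login.
  assert(origin, challenge) {
    const rpId = new URL(origin).hostname;
    const privateKey = this.keys.get(rpId);
    if (!privateKey) return null; // no credential scoped to this site
    const clientData = JSON.stringify({ type: 'webauthn.get', challenge, origin });
    const signed = Buffer.concat([sha256(rpId), sha256(clientData)]);
    return { clientData, signature: crypto.sign('sha256', signed, privateKey) };
  }
}

// Relying party (the site): stores public keys only; checks challenge, origin, signature.
class RelyingParty {
  constructor(origin) {
    Object.assign(this, { origin, rpId: new URL(origin).hostname, publicKeys: new Map() });
  }
  enroll(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge() { return (this.pending = crypto.randomBytes(32).toString('base64url')); }
  verify(user, assertion) {
    const publicKeyPem = this.publicKeys.get(user);
    const expected = this.pending;
    this.pending = null; // each challenge is single use
    if (!assertion || !publicKeyPem || !expected) return false;
    const { type, challenge, origin } = JSON.parse(assertion.clientData);
    if (type !== 'webauthn.get' || challenge !== expected || origin !== this.origin) return false;
    const signed = Buffer.concat([sha256(this.rpId), sha256(assertion.clientData)]);
    return crypto.verify('sha256', signed, publicKeyPem, assertion.signature);
  }
}

function demo() {
  const site = new RelyingParty('https://portal.example.com'); // constructed origin
  const phone = new Authenticator();
  site.enroll('alice', phone.register(site.rpId));
  const genuine = site.verify('alice', phone.assert(site.origin, site.newChallenge()));
  // A look-alike page relays the site's challenge, but the browser reports its own origin.
  const relayed = site.verify('alice', phone.assert('https://portal.example-login.com', site.newChallenge()));
  const serverHoldsPrivateKey = [...site.publicKeys.values()].some((pem) => pem.includes('PRIVATE'));
  return { genuine, relayed, serverHoldsPrivateKey };
}
```

`demo()` reports that the genuine sign-in verifies, the relayed one does not, and the site's credential store contains no private key. Contrast this with a one-time code, which the user can type into any page that asks for it.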
GDS makes it easy for businesses to get started with phishing-resistant MFA with our fully managed solution based on Cisco Duo’s passwordless authentication architecture. Contact us to learn more.