Multi-Factor Authentication (MFA): A Must Have for Cyber Coverage

Over the last 18-24 months the rate of ransomware attacks has skyrocketed in both frequency and severity, driving significant changes in the cyber insurance marketplace. In years prior, cyber submissions were simple and it was easy to obtain bindable quotes from multiple markets. When it came to renewals, underwriting typically only required updates around major business changes. But, times have changed and these days underwriters across the board are asking for more information related to ransomware loss controls and IT risk management. It’s now common practice to require that insureds have Multi-Factor Authentication (MFA) in place (especially when it comes to email access) before providing a quote for most accounts. Without MFA, clients risk non-renewal or a retention hike of 100% or more.


Microsoft records more than 300 million fraudulent cloud service sign-in attempts every day.1


Multi-Factor Authentication is a cybersecurity measure that requires users to confirm multiple factors verifying their identity prior to accessing a network or system. Generally, users must provide a password, verify access by inputting a code sent to another device, or confirm access with biometric data such as a fingerprint.2 Those hesitant to adopt MFA are often under the misconception that it requires the purchase of additional external hardware or are concerned about potential user disruption.7 While it’s true that MFA can require users to take an extra step or two at login, it’s not complicated and doesn’t always require buying new hardware.


MFA should be used to protect remote network and email access as well as administrative access. This prevents system intruders from breaching networks to deploy ransomware, erase valuable data, or steal sensitive information for malicious purposes through a variety of commonly successful cyberattacks such as phishing or keylogging.7

MFA Protects Against (source 7) Phishing / Spear Phishing Attacks Keyloggers Credential Stuffing Brute Force Attacks Reverse Brute Force Attacks Man-in-the-Middle (MITM) Attacks7


Brokers are seeing ransomware or social engineering claims hit almost weekly. Such claims can cost hundreds of thousands of dollars and require pricey forensic investigations that take several weeks to complete. Such attacks often start with compromised passwords or login IDs. These credentials can be the weakest point of a company’s digital footprint because employees often use the same password for multiple systems, create passwords that are too simple, share credentials with others, or inadvertently give information to cyber criminals.1

MFA protects businesses by adding a layer of security that can block 99.9% of attacks stemming from compromised accounts. For example, a phishing attack may obtain a user’s credentials, but be unable to provide the fingerprint or security question response required for authentication.1 Because every attack begins at an endpoint, companies should also be utilizing Endpoint Detection and Response (EDR), in collaboration with MFA, to maintain visibility into all endpoints. Employing MFA and EDR together will significantly minimize the threat of a breach, especially when combined with mature patching requirements, employee training, and increased awareness.