Cyber Insurance Providers Are Now Requiring Multi-Factor Authentication

Cyber insurance is a promising tool companies can leverage to mitigate the risks of cyber attacks, data breaches, and business disruption. Just like with all forms of insurance, businesses need to ensure they’re protected against loss when the unexpected happens. Moreover, certain steps need to be taken—or criteria met—in order to remain insured. Cyber insurance providers were already requiring their customers to implement specific security controls, like end-to-end encryption and anti-phishing awareness, in order to renew and avoid a change in premium and/or coverage. These requirements are beneficial because they help set general standards around cyber security. Now, the latest requirement many cyber insurance providers are placing on their customers is to implement multi-factor authentication (MFA).

With the sharp rise in identity-based cyber attacks, it should come as no surprise that identity-focused security controls are required. According to Verizon's 2021 Data Breach Incident Report, 61% of all breaches last year involved stolen credentials. Credential harvesting is still today’s most fruitful attack vector, with nearly 90% of web application breaches caused by credential abuse, and phishing was present in more than a third of all breaches. Gaps in identity protection introduce risks like the ransomware attacks that have been all over the news, including the recent shutdown of the Colonial Pipeline.

MFA provides an additional layer of authentication, beyond a username and password, to further validate that the person is who they say they are. Additional authentication factors include biometrics, authenticator apps, a one-time password (OTP) sent via SMS, voice, or email, and more. Deploying MFA can be easy, and because it’s so effective, it’s a clear choice as a requirement for insurance providers looking to further mitigate the risk of a cyber security incident. The ideal MFA solution will help companies strike the right balance between user experience and security.

To this end, Adaptive MFA uses risk-based context—like the device the user is on, the location they are trying to gain access from, and network signals—to only prompt for MFA during risky authentication attempts. This helps low-risk employees get to what they need both quickly and seamlessly. Ultimately, Adaptive MFA enables all employees and contingent workers to securely get access from any device, anywhere.

At Okta, we’ve seen companies reduce their risk of a security breach by as much as 75% and increase user productivity by as much as 50% by deploying Adaptive MFA. 

MFA adoption is gaining momentum, and the rise in cyber security threats certainly plays a role in this. MFA continues to be recommended by industry analysts and was even recently mandated for all federal agencies in the United States. Additionally, companies are being asked to support increasingly distributed workforces, with 82% of company leaders planning to allow employees to work remotely at least part of the time and 47% allowing them to permanently work from home full-time. It is more important than ever to validate the identity of those gaining access to your critical resources.

According to our 2021 State of Zero Trust Security Report, 85% of companies around the world have implemented MFA for their employees. Nearly 19% of companies have implemented MFA for external users—like partners, contractors, and suppliers—while an additional 47% of companies intend to extend MFA to external users in the next 12 to 18 months.

Okta can help you maintain your current cyber insurance policy. We even have partnerships in place with cyber insurance providers to simplify the process for you.
