Skip to content

Licensing

Multi-Factor Authentication: A Must-Have for Cyber Coverage

← All articles
Filed under Licensing

Over the last 18-24 months the rate of ransomware attacks has skyrocketed in both frequency and severity, driving significant changes in the cyber insurance marketplace. In years prior, cyber submissions were simple and it was easy to obtain bindable quotes from multiple markets.

When it came to renewals, underwriting typically only required updates around major business changes. But, times have changed and these days underwriters across the board are asking for more information related to ransomware loss controls and IT risk management.

It's now common practice to require that insureds have Multi-Factor Authentication (MFA) in place (especially when it comes to email access) before providing a quote for most accounts. Without MFA, clients risk non-renewal or a retention hike of 100% or more.

WHAT IS MFA?

Multi-Factor Authentication is a cybersecurity measure that requires users to confirm multiple factors verifying their identity before accessing a network or system. Generally, users must provide a password, verify access by inputting a code sent to another device, or confirm access with biometric data such as a fingerprint.2 Those hesitant to adopt MFA are often under the misconception that it requires the purchase of additional external hardware or are concerned about potential user disruption.7 While it's true that MFA can require users to take an extra step or two at login, it's not complicated and doesn't always require buying new hardware.

WHAT SHOULD BE PROTECTED WITH MFA?

MFA should be used to protect remote network and email access as well as administrative access. This prevents system intruders from breaching networks to deploy ransomware, erase valuable data, or steal sensitive information for malicious purposes through a variety of commonly successful cyberattacks such as phishing or keylogging.7
a close-up of a globe with a lock
 

HOW DOES MFA PROTECT INSUREDS?

Brokers are seeing ransomware or social engineering claims hit almost weekly. Such claims can cost hundreds of thousands of dollars and require pricey forensic investigations that take several weeks to complete. Such attacks often start with compromised passwords or login IDs.

These credentials can be the weakest point of a company's digital footprint because employees often use the same password for multiple systems, create passwords that are too simple, share credentials with others, or inadvertently give information to cyber criminals.1

MFA protects businesses by adding a layer of security that can block 99.9% of attacks stemming from compromised accounts. For example, a phishing attack may obtain a user's credentials. But be unable to provide the fingerprint or security question response required for authentication.1 Because every attack begins at an endpoint, companies should also be using Endpoint Detection and Response (EDR), in collaboration with MFA, to maintain visibility into all endpoints.

Employing MFA and EDR together will significantly minimize the threat of a breach, especially when combined with mature patching requirements, employee training, and increased awareness.

a diagram of a computer security system
a small business building with a red and white awning

HOW CAN CLIENTS IMPLEMENT MFA?

Clients can choose from a variety of vendors to employ MFA and EDR. Most companies already paying for products like Microsoft Office 365 or Salesforce can obtain MFA services from those providers. There are also several commonly known companies that offer comprehensive services at reasonable prices.

There are easy-to-deploy, two- factor authentication solutions that can cost as little as $3 per user, per month. The cost of implementing MFA can vary and ultimately depends on the type of solution chosen as well as the business's requirements, including the number of systems and accounts protected by MFA.6
a red circle with a white globe and a shield

BOTTOM LINE

MFA is a vital layer of protection against first party losses and business interruption that can result from a cyberattack. While the economic turmoil of the last year impacted companies of all sizes, the hit taken by many mid-sized companies and small businesses can make it tempting to skip improving cybersecurity or buying cyber insurance.

However, CNBC recently reported that only 14% of small businesses have the means to defend against cyberattacks, and 60% of companies that suffer a cyberattack close their doors within 6 months due to an inability to recover.4

Agents and insureds would be wise to take a proactive stance toward obtaining coverage, and begin remarketing accounts 2-3 months before renewal, keeping in mind that there are many products available and multiple ways to purchase coverage.

ENDNOTES

    1. One Simple Action You Can Take to Prevent 99.9 Percent of Attacks on Your Accounts, Microsoft, August 20, 2019.
    2. What is Multi-Factor Authentication? Cisco.
    3. 8 Reasons You Should Turn to Multi-Factor Authentication, TechBeacon,
    4. How Cybercrime Impacts Organizations and What You Can Do About It, Legal Reader, February 21, 2020.
    5. Hackers Attack Every 39 Seconds, Security Magazine, February 10, 2017.
    6. Multi-Factor Authentication for Small Business, Totem, September 10, 2020.
    7. What Type of Attacks Does Multi-Factor Authentication Prevent?, Onelogin, 2021.

a man sitting at a computer

Found This Useful? Let's Get You Set Up.

Start an application and an expert will tailor the next steps to your situation.

Related reading

Maryland Rent Collection in 2026: 7 Licensing Risks Property Managers Must Avoid

Licensing

Maryland Rent Collection in 2026: 7 Licensing Risks Property Managers Must Avoid

Property managers in Maryland are running into a question that is getting more attention and creating real operational risk. Does collecting rent, especially when a tenant is past due, trigger Maryland's collection agency licensing requirements?

Licensing Challenges for Mortgage Servicers

Licensing

Licensing Challenges for Mortgage Servicers

Mortgage servicers play a central role in the housing finance system. They collect borrower payments, manage escrow accounts, respond to customer inquiries, and step in with loss mitigation or foreclosure processes when borrowers fall behind. Servicers act as the day-to-day managers of loans after origination, ensuring that cash flows properly between borrowers and investors. Since [...]

The Pros and Cons of Outsourcing Debt Collection for Startups and Small Businesses

Licensing

The Pros and Cons of Outsourcing Debt Collection for Startups and Small Businesses

Cash flow is the lifeblood of every startup. When customers delay or default on payments, even the most innovative ideas can stall. Founders often face a critical challenge: Should we collect overdue invoices ourselves, or hand them off to a third-party debt collection agency? Outsourcing debt collection - sometimes called debt recovery outsourcing - has become increasingly common for [...]

Navigating CFPB's Proposed Rulemaking: Key Insights for Data Brokers

Compliance

Navigating CFPB's Proposed Rulemaking: Key Insights for Data Brokers

The Consumer Financial Protection Bureau (CFPB) has issued a Notice of Proposed Rulemaking (NPRM) that could reshape the landscape for data brokers and consumer reporting. The changes rest on expanded definitions and higher compliance requirements, signaling a new era of accountability in handling consumer data. Here are the key insights businesses need to work through them.

Navigating Corporate Changes for Debt Collection Licensing

Licensing

Navigating Corporate Changes for Debt Collection Licensing

Is your company going through changes that may require actions to maintain your collection licensing? Here are some of the most common corporate changes that could impact your collection licensing: Navigating Changes Cornerstone Support has established a reputation over 20+ years as the premier licensing service provider to the collection industry. We've frequently had requests to [...]

Beyond Licensing: What States Expect from Non-Bank Lenders Post-Approval

Licensing

Beyond Licensing: What States Expect from Non-Bank Lenders Post-Approval

Obtaining a consumer lending license is a major milestone for non-bank lenders - but it's only the beginning. Once licensed, lenders must meet a host of ongoing state-level obligations that require operational discipline and proactive planning. These obligations are not just bureaucratic checkboxes; they are essential to staying compliant, avoiding penalties, and building long-term credibility with regulators. [...]

Browse the full insights library, meet our editorial team, or download our whitepapers.

Insights

Found This Useful? Let's Get You Set Up.

An expert will respond within one business day.