Cyber insurance security requirements

31 Mar 2022

With ransomware and malware attacks getting more frequent and sophisticated year after year, more businesses are waking up to the reality that it isn’t a matter of if their company is going to be hit, but when. By 2025, global cybercrime is estimated to cost over $10.5 trillion annually, and your organization could be one of the ones footing the bill if you’re not careful. If you’ve thought of protecting yourself from the expense of recovering from a data breach or ransomware attack with a cyber insurance policy, it’s a good idea, but it’s no replacement for proper cybersecurity practices. In fact, to secure coverage at all, you’ll need to furnish evidence of your policies, procedures, and security controls. One minimum must-have insurance companies will be looking for is multi-factor authentication (MFA).

MFA isn’t just a hoop to jump through to keep your insurer happy. It’s a foundational security practice that will help reduce the chance you’ll suffer a hack in the first place. Here’s what you need to know about MFA and why it’s a critical security practice for your business.

What is Multi-Factor Authentication?

Authentication is simply proving to the system or online account you’re signing into that you are who you say you are. Unfortunately, the most familiar method for doing this—entering a username and password—isn’t secure enough on its own. Data breaches, keyloggers, and phishing can be (and routinely are) used to steal these kinds of credentials and gain access to sensitive information.

Multi-factor authentication adds additional verification to this process to confirm your identity and reduce the chances that a malicious actor with stolen information can log into your account. With this enhanced security measure, your password alone isn’t enough to verify your identity. At least one additional element needs to be provided, such as a one-time passcode provided by text, phone, and/or email; biometric data like a fingerprint; or an authentication app or token.

If you’ve ever gotten a numeric code by text when you’ve logged into your bank’s website that you have to enter to proceed, you’ve already experienced MFA in action. With a similar process in place in your business, you dramatically reduce the chances that someone other than your trusted employees can log into your network and access sensitive information.

Why MFA is Required for Cyber Insurance

Insurance companies insist on MFA for a cyber liability insurance policy for one simple reason: it works. A security study by Google in 2019 showed that a two-step authentication process using an SMS code sent to a recovery phone number helped block 76% of targeted attacks, 96% of bulk phishing attacks, and 100% of automated bots. [i] Having a second step to confirm that the login comes from a trusted user stops potential hackers in their tracks when they don’t have the device, biometrics, or authentication app necessary to complete login.

The basic but effective layer of security provided by MFA greatly reduces the risk of your business suffering a successful cyberattack. As the financial damages from cybercrime grow, insurance companies are asking harder questions about the steps organizations are taking to keep their systems and confidential information secure. Having MFA shows your insurer that you’re doing your part to reduce your cybersecurity risk, making you a safer investment for them.

It’s important to note that the effectiveness of SMS as a multifactor authentication step is being eroded by hackers employing man-in-the-middle attacks and social engineering schemes to enable them to mimic victims’ mobile devices. By tricking phone service providers into sending them new SIM cards, they’re able to set up burner phones to receive the codes that should be keeping your account safe. Your business needs more robust solutions to ensure the effectiveness of your security stays a step ahead of criminal ingenuity. 

Your MFA (and Cybersecurity) Solution

Multi-factor authentication doesn’t have to be slow or inconvenient to be effective. Petronella Technology Group (PTG) offers a wide range of authentication solutions that can be configured to meet the specific needs of your organization. We leverage patented MFA solutions and work directly with the patent holders to architect the most secure solutions possible, oftentimes adding hardware proximity tokens to further enhance security. We can get you up and running quickly with the right MFA process for you, designed to fit into an overall cybersecurity strategy that protects your business and keeps you up to date with applicable compliance requirements.

The cold hard truth is that your cyber insurance policy should be a last resort. Even when claims are paid, companies often don’t recover from the damage done by ransomware. It’s easy to remove malware—it’s extremely difficult to recover lost data and lost employee time in cleaning up the mess. Just as bad is the fact that if you can’t prove to your insurer that you’ve done everything you can to prevent a breach with multiple security control layers (MFA alone is not enough!), security risk assessments, vulnerability scans, and penetration tests, you’re handing them an excuse to deny your claim.

If you’re not 100% sure that your existing security practices are up to the challenge today’s cybercriminals are throwing at them, then the situation is clear—they’re not! Don’t wait until the financial and reputational damage has been done. PTG can get you the protection you need to secure your data, keep hackers out, and sleep easier at night. To schedule a free consultation now, contact us here.

[i] https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html

Schedule an Appointment

Schedule an Appointment

    Our clients are awesome!

    Based on 55 reviews.
    Jeremy Richards
    Jeremy Richards
    2020-03-13
    Petronella provides great advanced digital marketing and automation solutions for my business!
    Kate Swenson
    Kate Swenson
    2020-02-14
    Highly recommended for CMMC certification assistance! Excellent and affordable options for secure data hosting on local infrastructure. 5 stars!
    Tom Matzen
    Tom Matzen
    2020-01-25
    Petronella Technology Group helped us setup our sales and marketing automation, cybersecurity and compliance for our new Blockchain startup. Great to work with! Craig in particular really knows his stuff, can translate into non-tech speak, and has wisdom beyond his years. Highly recommend them.
    Justin Summers
    Justin Summers
    2020-01-14
    Craig is awesome! He is very professional and efficient with his work. I would definitely recommend Petronella Technology to anyone who needs state of the art service.
    Blake Rea
    Blake Rea
    2020-01-14
    Craig is an expert in his field. Impressed by his knowledge, A true pioneer in Cybersecurity. My business is safer thanks to Petronella Tech!
    Robert Friedman
    Robert Friedman
    2020-01-10
    For the last five years Craig has been the Contributing Editor for Cybersecurity for NC Triangle Attorney Law Magazine which I publish. His base of knowledge is always leading edge, pragmatic and early to understand for our readers who are not techies. He is patient and easy to work with.
    Tammy Everett
    Tammy Everett
    2020-01-10
    Craig Petronella, CEO of Petronella Technology Group provided the members of the Defense Alliance of North Carolina expert advice on cybersecurity and NIST compliance. Eye opening experience! Thanks so much!
    Julie Brown
    Julie Brown
    2020-01-09
    Craig and the Petronella Technology Group, Inc. team made HIPAA compliance for my small practice so simple and easy! They helped me with all of my HIPAA training, HIPAA Security Risk Assessment, Penetration Test, and HIPAA secure hosting so I can rest easy.
    Pivot Point
    Pivot Point
    2020-01-03
    Petronella Technology Group helped us with our marketing strategy for our new web startup. Awesome experience!!!!
    Richard Brunet
    Richard Brunet
    2019-12-30

    SCHEDULE AN APPOINTMENT

    Make It Happen Now

    CLIENT SUPPORT

    Don't Feel Stranded

    CONSULTATION

    Get Best Advice

    PAYMENTS

    Make A Payment

    Top