The 20’s Super Simple Guide to Cyber Insurance

Part 5 – Cyber Insurance and Multi-Factor Authentication

Here’s what you need to know about multi-factor authentication (MFA):

  1. It’s an incredibly effective cybersecurity tool.
  2. It’s easy to implement/use.
  3. It’s not costly.
  4. Most cyber insurance carriers now require MFA.

But let’s go into a little more detail than that. In this quick read, you’ll learn what MFA is (if you don’t already know) and why you should be using it at your business (if you’re not already).

MFA Works!

To appreciate why MFA works so well, you need to understand what it is.

Let’s start with authentication. In the tech world, authentication just means verifying someone’s identity. When you log in to your email account, how does your email ‘know’ it’s really you? Because you enter a password that only you’re supposed to know. And voilà — you’re ‘authenticated’!

But can’t cybercriminals figure out what people’s passwords are?

In short, yes (and it doesn’t help that people and organizations have notoriously bad ‘password habits’ such as using the same password for everything). In fact, stolen passwords and other credentials are the primary means by which cybercriminals break into computer networks. But MFA is here to help.

According to the Verizon 2024 Data Breach Investigations Report, 24% of data breaches stem from leveraged credentials. Although a serious concern, this statistic is on the decline – down nearly 30% since 2021 – as more users adopt stronger password practices, including tools like MFA.

But what if authentication required more than just a password — a password plus something else? Surely, that would make it harder for threat actors to use stolen credentials to gain unauthorized access to devices, systems, etc.

It would, which brings us to ‘M’ and ‘F’: multi-factor refers to the fact that MFA requires more than one proof of identity for authentication. Going back to the example of email, if your email account is protected by MFA, it means anyone who wants to log in to your email will have to provide your password plus something else.

That ‘something else’ could be a lot of different things, including:

  • An SMS code that gets sent to your cell phone
  • The correct answer to a security question
  • Biometric data (e.g., your fingerprint)

Bottom line: Requiring just one additional proof of identity makes it significantly harder for threat actors to hack into your accounts. How much harder? According to research from Microsoft, MFA can block more than 99.9% of cyberattacks that rely on compromised credentials. Talk about effective!

Using MFA at your business should be a no-brainer, but in case you’re still not sold, here are some additional considerations to help persuade you…

MFA Is Easy

MFA is both easy to implement and easy to use. There are numerous MFA solutions available to SMBs, and many of them don’t require any hardware or downloads. And once you’ve set up your MFA solution, all it requires from users is that they take an extra few seconds to verify their identity.

MFA Isn’t Costly

Besides being a simple and easy-to-use cybersecurity tool, MFA is also highly cost-effective. Most MFA solutions will use up only a tiny sliver of your IT budget, which makes them a great investment considering the average cost of a data breach in the U.S. reached a record high in 2023, coming in at a jaw-dropping $4.45 million.

Cyber Insurance Providers Require MFA

Regardless of how you feel about MFA, any cyber insurance company you work with will want to see that your business uses MFA. In fact, more and more carriers are making it an outright requirement. This is telling: cyber insurance providers are demanding that insureds use MFA because they know it works.

There you have it. MFA is an awesome, easy-to-use, and affordable cybersecurity tool that stops hackers in their tracks. That said, it’s not a cure-all. Use MFA at your business, but use it in conjunction with other security solutions such as encryption and endpoint detection and response (EDR). Doing so will give you a layered approach, and the best chance at avoiding a devastating breach.

What’s Next?

We’re nearing the end of our deep dive into cyber insurance, with two blogs left. Make sure to check out the next article on cyber insurance and security, and stay tuned for next week’s series finale on data backups.