Last updated on March 26, 2024
Over the last couple of years, cybercrime has rapidly evolved, with cybercriminals targeting more companies than ever before. The Colonial Pipeline attack, one of the most impactful cyber incidents in recent years, was possible because a single password was compromised.
Earlier this year, President Biden signed the Executive Order on Improving the Nation’s Cybersecurity. The order mandates Multi-Factor Authentication (MFA) for all federal agencies in the United States and sends a strong signal to cybersecurity insurance companies that still leave MFA out of their list of requirements for cyber insurance.
What Is Cyber Insurance?
Cybersecurity insurance (also called cyber liability insurance) covers financial losses caused by cyber incidents such as data breaches and offers technical and recovery support.
Cyber risk insurance companies require you to adopt preventative measures to be eligible for insurance coverage. Cyber insurance requirements are not standardized. Every cyber liability insurance policy may have its unique set of criteria.
Most cyber insurance companies are now requiring MFA. What this effectively means is that you must deploy an MFA solution to get cyber insurance.
What Is MFA?
Multi-Factor Authentication (MFA) is a form of authentication that uses at least two different authentication factors to prove a user’s identity.
When you log in to your application and MFA is on, you have to provide at least two proofs of your identity to gain access.
Apart from the usual login and password, the system asks you for additional evidence of your identity, such as an SMS code or a Mobile Push notification sent to your phone.
Why Do Cyber Insurance Companies Require MFA?
In today’s company infrastructure, users with varying levels of access privileges access a wide variety of services. Company data is hosted by different providers and communication happens in open networks. Access is based on user identities.
Cybercriminals try to find a vulnerability in the infrastructure of a company and use this vulnerability to perform a security breach. One of the easiest ways to access a company’s data is to compromise a poorly protected account. If you only protect your user identities with passwords, you have a critical security gap in your infrastructure that hackers may exploit.
MFA adds an additional layer of security to your authentication, securing user identities and mending the identity security gap. While single-factor authentication usually only checks what you know (e.g. a password), MFA requires you to also provide another proof of your identity: something you possess (e.g. a phone, a FIDO2 standard security key), or something you are (e.g. a fingerprint).
Even if a malicious actor compromises your password, they are stopped by the second strong factor of authentication. MFA shields the identities of your users and prevents up to 99.9% of attacks on your accounts. It is not surprising that cybersecurity insurance providers demand companies to deploy MFA.
Enter Rublon
Rublon helps you maintain your cyber insurance by providing modern MFA with SSO and Adaptive Risk-Based Authentication. Rublon comes with powerful Access Control and fully supports Automated Account Management. With Rublon, you can protect all your services, VPNs, cloud apps, and on-premises applications.
If your cybersecurity insurance company asks you to get an MFA system, Rublon may be your best bet.
