Over the last few years, the rate of ransomware attacks and other cybercrimes have skyrocketed in both frequency andseverity. As employees continue working from home due to the lingering pandemic, they create, access, and share more dataremotely, causing the number of security blind spots to balloon and creating space for costly attacks.
Download a Shareable PDF Version of this Article
In March 2021 a large insurance company paid $40 million - the highest disclosed ransom payment to date - to regain network control after a ransomware attack, and it’s now anticipated that annual cybercrime costs will reach $10.5 trillion by 2025.8,11 Such explosive growth has driven significant changes in the cyber insurance marketplace. Previously, cyber submissions were simple, and it was easy to obtain bindable quotes from multiple markets. When it came to renewals, underwriting typically only required updates around major business changes. But, times have changed and these days underwriters across the board are asking for more information related to ransomware loss controls and IT risk management. It’s now common practice to require that insureds have Multi-Factor Authentication (MFA) in place (especially when it comes to email access) before providing a quote for most accounts. Without MFA, clients risk non-renewal or a retention hike of 100% or more.
WHAT IS MFA?
Multi-Factor Authentication is a cybersecurity measure that requires users to confirm multiple factors verifying their identity prior to accessing a network or system. Generally, users must provide a password, verify access by inputting a code sent to another device, or confirm access with biometric data such as a fingerprint.2 Those hesitant to adopt MFA are often under the misconception that it requires the purchase of additional external hardware or are concerned about potential user disruption.7 While it’s true that MFA can require users to take an extra step or two at login, it’s not complicated and doesn’t always require buying new hardware.
WHAT SHOULD BE PROTECTED WITH MFA?
MFA should be used to protect remote network and email access as well as administrative access. This prevents system intruders from breaching networks to deploy ransomware, erase valuable data, or steal sensitive information for malicious purposes through a variety of commonly successful cyberattacks such as phishing or keylogging.7
HOW DOES MFA PROTECT INSUREDS?
Brokers are seeing ransomware or social engineering claims hit almost weekly. Such claims can cost hundreds of thousands of dollars and require pricey forensic investigations that take several weeks to complete. Such attacks often start with compromised passwords or login IDs. These credentials can be the weakest point of a company’s digital footprint because employees often use the same password for multiple systems, create passwords that are too simple, share credentials with others, or inadvertently give information to cyber criminals.1
MFA protects businesses by adding a layer of security that can block 99.9% of attacks stemming from compromised accounts. For example, a phishing attack may obtain a user’s credentials, but be unable to provide the fingerprint or security question response required for authentication.1 Because every attack begins at an endpoint, companies should also be utilizing Endpoint Detection and Response (EDR), in collaboration with MFA, to maintain visibility into all endpoints. Employing MFA and EDR together will significantly minimize the threat of a breach, especially when combined with mature patching requirements, employee training, and increased awareness.
HOW CAN CLIENTS IMPLEMENT MFA?
Clients can choose from a variety of vendors to employ MFA and EDR. Most companies already paying for products like Microsoft Office 365 or Salesforce can obtain MFA services from those providers. There are also several commonly known companies that offer comprehensive services at reasonable prices. There are easy-to-deploy, two- factor authentication solutions that can cost as little as $3 per user, per month. The cost of implementing MFA can vary and ultimately depends on the type of solution chosen as well as the business’s requirements, including the number of systems and accounts protected by MFA.6
BOTTOM LINE
MFA is a vital layer of protection against first party losses and business interruption that can result from a cyberattack. While the economic turmoil of the last year impacted companies of all sizes, the hit taken by many mid-sized companies and small businesses can make it tempting to skip improving cybersecurity or buying cyber insurance. However, CNBC recently reported that only 14% of small businesses have the means to defend against cyberattacks, and 60% of companies that suffer a cyberattack close their doors within 6 months due to an inability to recover.4
Agents and insureds would be wise to take a proactive stance toward obtaining coverage, and begin remarketing accounts 2-3 months prior to renewal, keeping in mind that there are many products available and multiple ways to purchase coverage. CRC Group now leverages Cyberwrite technology on the REDY platform to generate customized insights into clients’ cybersecurity and the likely cost of a claim. Leaning on the expertise of CRC’s team throughout the quoting and buying process can ensure that your clients receive optimal coverage for the best possible price. Contact your CRC Group producer today to discover how we can help protect your clients in today’s digital environment.
Contributors
Darren Valencia is a Vice President located with CRC’s Nashville office, an active member of the ExecPro Practice Group, and a member of the Cyber Specialty Team.
Mark Smith is a Senior Vice President with CRC’s Seattle office. He’s an active member of the ExecPro Practice Group and a member of the Cyber Specialty Team.
*CRC Group does not endorse any specific company or provider; the names listed in this article are simply informational references, organizations are responsible for research and selecting MFA and EDM services based on business needs.
ExecPro Professional Cyber
What is Trade Credit Insurance?8/22/2024ExecProProfessionalTrade Credit
Product Recall + Contamination Insurance: What Your Clients Need to Know8/22/2024CasualtyContaminationProduct Recall
Employment Practices Liability ® Index Q2 20248/1/2024EPLREDYREDY IndexREDY-IndexEMPLOYMENT PRACTICES LIABILITY
Potential Insurance Impacts of the CrowdStrike Outage7/29/2024ExecProProfessionalCyberCybersecurityCrowdStrike
Why Consider Personal Umbrella Insurance?7/18/2024UmbrellaPersonal
Why Law Firms Can Be Challenging for Cyber Insurers7/18/2024ExecProProfessionalCyberLawyers
Having the best brokers and underwriters, the broadest market access, and the best service are table stakes today in the wholesale business. To excel, a wholesaler must do more. That’s why CRC Group is investing in being different and better – we call it placing you first.
Having the best brokers and underwriters, the broadest market access, and the best service are table stakes today in the wholesale business. To excel, a wholesaler must do more. That’s why CRC Group is investing in being different and better – we call it placing you first.
'); } } }); $('#mainMenu .container nav > ul > li > a').each(function () { var _this=$(this), str = $(this).clone().children().remove().end().text(); if (str.indexOf('Tools & Intel') > -1) { var _thispar = _this.parent('li'), _thisSecondLevel = _thispar.children('ul').children('li'), _thisHasThirdLevel = _thispar.find('ul > li:has("ul")'), _thisSecondLevel = _thispar.children('ul').children('li'); var columnsAmount = 12 / 6, _thisSecondLevelAmount = _thisSecondLevel.length; if (columnsAmount < 1) {columnsAmount = 5;} if (("mega_cc_yes" == "mega_cc_yes") && (("left" == "right") || ("left" == "left"))) { columnsAmount=columnsAmount - 1; } _thispar.addClass('mega-menu-item'); for(var i = 0; i < _thisSecondLevelAmount; i+=columnsAmount) { _thisSecondLevel.slice(i, i+columnsAmount) .wrapAll(''); } _thisSecondLevel.each(function(){ $(this).removeClass('dropdown-submenu').addClass('mega-menu-title'); $(this).wrap('
Tools & Intel by CRC Group spans a diverse spectrum of industry issues to keep you and your clients informed. This is truly news you can use, coupled with the latest CRC exclusive programs, featured tools, links to compelling news stories, and more.
Tools & Intel by CRC Group spans a diverse spectrum of industry issues to keep you and your clients informed. This is truly news you can use, coupled with the latest CRC exclusive programs, featured tools, links to compelling news stories, and more.
For many insurers, MFA is a simple “yes or no” question on the application. Either you have it or you don't. If businesses don't require MFA when their employees log in remotely to the system, the business may struggle to qualify for insurance.
Multifactor authentication (MFA) requires two or more steps to log in, such as entering a code texted to your phone or fingerprint to prove your identity. The device or app alerts the employee and asks for additional authentication to prevent others from accessing our accounts.
The password element of the multi-factor authentication approach must have a password length of at least 8 characters, with no maximum length restrictions. Additional factors should be chosen so that they are usable and accessible. This may require user testing to verify if a factor is suitable for the users.
With MFA, it's about granting access based on multiple weighted factors, thereby reducing the risks of compromised passwords. It adds another layer of protection from the kinds of damaging attacks that cost organizations millions.
Required MFA for all Azure users will be rolled out in phases starting in the 2nd half of calendar year 2024 to provide our customers time to plan their implementation: Phase 1: Starting in October, MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center.
This helps verify the user's identity and ensures that only authorized individuals can access sensitive information. NIST 800-171 control 3.5.3 specifically requires MFA for both privileged and non-privileged accounts.
If you accidentally tap “Deny”, you will be denied access, and an appropriate MFA Deny message will likely appear on your computer screen. On the contrary, if you have not initiated any log-in attempts and yet received an authentication request, immediately deny the log-in request.
One of the most effective security measures available to them is multifactor authentication (MFA). Research by Microsoft shows that MFA can block more than 99.2% of account compromise attacks. That's why, starting in 2024, we'll enforce mandatory multifactor authentication (MFA) for all Azure sign-in attempts.
Steps to enable MFA for Windows, macOS, and Linux machines. Go to Configuration > Self-Service > Multi-factor Authentication > MFA for Endpoints. Select a policy from the Choose the Policy drop-down. This will determine which authentication methods are enabled for which sets of users.
It now mandates that multifactor authentication (MFA) MUST be enforced on all remote user access to all systems and on all privileged accounts that access externally-hosted systems (for example cloud-hosted or SaaS applications).
In some instances, yes. If your directory has a per-user Microsoft Entra multifactor authentication provider, you can add MFA licenses. Users with licenses aren't counted in the per-user consumption-based billing. Users without licenses can still be enabled for MFA through the MFA provider.
Any type of MFA will hugely boost security, but almost every MFA solution assumes the user has an online connection to the server they are authenticating to. In other words, they can't ensure offline MFA.
Multi-Factor Authentication (MFA), a cornerstone of security solutions, protects networks and systems against illegal entry. This security solution protects organizations and users against typical cyber attacks and restricts intrusion, so that essential resources are only available to authorized users.
Multi-factor authentication (MFA) is a multi-step account login process that requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint.
The Cybersecurity Maturity Model Certification requires multifactor authentication in two specific instances, both of which are required if you aim to achieve CMMC Level 2 or higher.
Is MFA required for customer and partner Experience Cloud sites? MFA is not required for your company's Experience Cloud sites, employee communities, help portals, or e-commerce sites/storefronts. You don't have to enable MFA for external users who access these sites.
Multi-factor authentication (MFA) is a multi-step account login process that requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint.
Address: 787 Elvis Divide, Port Brice, OH 24507-6802
Phone: +9779049645255
Job: Senior Healthcare Specialist
Hobby: Cycling, Model building, Kitesurfing, Origami, Lapidary, Dance, Basketball
Introduction: My name is Sen. Emmett Berge, I am a funny, vast, charming, courageous, enthusiastic, jolly, famous person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.