Blog: Helping clients adopt MFA as a critical layer of cybersecurity

Multifactor authentication (MFA) typically blocks more than 99% of the attacks by cyber criminals attempting to compromise a company’s systems. Considering nearly one-third of businesses in the UK experience cyberattacks or breaches at least once a week, MFA is being put to the test – successfully – with increasing regularity. Brokers have seen the reverse of this trend in insurance claims.

As the industry saw a spike in claim activity toward the end of 2020, a clear correlation emerged between claims and insured businesses lacking MFA. The good news is these claims may be minimised or even prevented through MFA implementation.

Protection

MFA is a solid control that a business can put in place without a great deal of time or expense – and in the eyes of cybercriminals, it differentiates a business from one that doesn’t have it. A

fraudster who comes up against a multifactor check may be able to circumvent it, but it takes work. If the next broker on their list isn’t using MFA, it’s that much easier for them to deceive an employee with a phishing email and breach the company’s systems. Easy targets remain plentiful right now, so until everyone adopts this control and criminals find another way into a company’s systems, MFA remains a strong layer of protection.

For this reason, we have begun asking more technical questions about MFA when businesses renew their cyber insurance or buy it for the first time. Instead of asking simply if a company has MFA, we’re are asking if they have it for email, for administrative accounts, and if employees with elevated access privileges use it for internal access. When brokers read our questionnaire and see the level of specificity we request, they may think implementing MFA will be a lengthy and costly endeavour. But it’s a relatively straightforward fix and our brokers have the benefit of a free consultation with our cybersecurity partner, who helps them develop an implementation plan.

Layers

Of course, while MFA is important, it isn’t the only cyber protection required. A business should have multiple layers of security, including an email filtering system that catches as many malicious emails as possible, a training program to help employees recognise phishing emails, and a software defence that includes firewalls and an advanced endpoint detection and response system to monitor cyber threats.

MFA provides the final layer of protection. Within the last six months, most insurers have begun requiring some level of MFA to provide a quote. As MFA requirements become more stringent, you can help your clients present themselves as more attractive risks by taking proactive steps to improve their cyber protections prior to renewal. In the process, they may potentially deter a cyberattack. While MFA is not a silver bullet, it’s a critical piece of a multi-layered plan to make your clients’ cybersecurity that much stronger.

Davis Kessler is head of cyber at Travelers Europe.

 

Sponsored content