Cyber Liability and Your Business

Cyber Liability and Your Business

The Importance of Multi-Factor Authorization

Would your business meet the current criteria to obtain or maintain cyber liability coverage?

Much like health insurance that individuals carry, cyber liability carriers ask a few “preexisting condition” questions, much like an application, to determine the insurability and rates for the entity requesting coverages. With the recent uptick in attacks and therefore claims, cyber liability insurance carriers are becoming more stringent with the controls that entities must have in-place to qualify for coverage or attain reasonable rates.

This increase in controls is seen in a few areas, the major observation being that Multi Factor Authentication is a non-starter for carriers. Meaning, if your business does not require multifactor authentication then your business will not qualify for coverage. As of right now, this multifactor requirement is just on remote access processes but is expected to expand as time progresses.

Authentication is the process of verifying that the user is who they say they are. This process is something that users navigate hundreds of times a day through a myriad of systems. Today, traditional username and password authentication is simply not secure enough to protect critical business systems from the increasing number and sophistication of threat actors.

Multi-Factor Authentication is a critical player in your authentication process

With authentication already requiring something they know the second clear method for increasing authentication protection is requiring users to prove they have something. 2-Factor authentication with something they know and something they have requires a user to enter their credentials and then enter in a time-based code from an application on their smartphone or physical code generator key. Many systems and applications have these features built-in. Entities can also leverage an external authentication system to add multi-factor authentication to any application or system containing sensitive business data