Why Passwordless MFA and Cyber Insurance are a perfect match
With rising numbers of cyber threats and attacks, cyber insurance is facing unprecedented demand. The insurance industry has had to rethink its approach – resulting in higher premiums and a far more risk averse approach to coverage eligibility. This has taken the shape of an insistence on extra layers of security – or multi-factor authentication for those in the know. So, what is MFA, why is it so important for cyber insurance and how can the service offered by inWebo help?
What is Cyber Insurance or Cyber Liability Insurance?
Cyber insurance, also often referred to as cyber risk insurance or cyber liability insurance, is a kind of insurance coverage created to protect businesses and individuals from digital threats. It works as both a kind of safety net and a way to meet the contractual requirements that clients or investors often set out.
What do we mean by "digital threats"? is a kind of insurance coverage created to protect businesses and individuals from digital threats. It works as both a kind of safety net and a way to meet the contractual requirements that clients or investors often set out.
You’ll need this kind of insurance if there is any risk of financial loss due to most kinds of cybercrime incidents. And this is especially important for organisations that store personal or sensitive information online.
Comprehensive cyber insurance should cover both mitigations against attacks (by that we mean pre-emptive measures) as well as covering any costs that arise should a breach occur. This is the really important part because those costs become incredibly high very quickly and not just in the immediate aftermath. In the longer term, businesses also suffer from the so-called latent costs of such incidents.
Cyber liability insurance can also help with: any remedial actions necessary, the costs of legal help if you need additional expert advice, the cost of managing your business communications (think about crisis communications from your PR firm or drafting in specialist comms support), any additional specialist investigators you might need assistance from, as well as customer reimbursements.
Understanding the role of MFA in a Cyber Insurance Policy
MFA, or multifactor authentication, MFA provides an extra layer of security that can help stem the tide of cyber-attacks, so it’s not really surprising that Cyber Insurance policies are increasingly insisting upon them.
An excellent example of how this works is a phishing attack in which a malicious third party has managed to get hold of a number of user credentials. Without MFA, those credentials could be used as they are, but add MFA into the mix, and it becomes impossible for the scammers to use those credentials because they don’t have the correct answers (or fingerprint) necessary for authentication.
This isn’t a new idea, but it’s something that’s been front of mind for many businesses, following the news that insurance companies who typically provide cyber insurance are increasingly making it a requirement of their policy coverage that clients put in place robust MFA. If they don’t use MFA, their policies become invalid.
Why make MFA mandatory for Cyber Insurance?
MFA, a response to the rise in cyber attacks for cyber insurers
Quite simply, it reduces risk. And with cybercrime happening with increasing regularity – whether that’s data breaches or more complex cyber-attacks, there is an inevitable rise in claims and associated costs.
It stands to reason that with cyber-attacks happening with increasing frequency, the needs of the cyber insurance industry are changing. This can be seen most obviously in the rising cost of coverage, which translates to higher insurance premiums to cover the growing costs of payouts for policyholders on the ground.
According to an S&P Global report from June last year, cyber insurers loss ratio increased to a staggering 72.8% and the average ransom demand made against policyholders in the first half of 2021 was $1.2 million – a figure which is up 170% on that of the previous year.
What’s more, insurers expect organisations who want cover to account for how they are trying to prevent cyber-attacks and take some relatively straightforward steps (i.e., use MFA) to decrease the likelihood of having to make a claim.
Businesses can now expect to be asked whether they have systems and processes in place and a cyber security strategy to reduce their risk and minimise the likelihood of falling victim to a cyber incident.
Multifactor authentication becomes a requirement for cyber insurance
Insurance companies, on the other hand, consider the implementation of a strong authentication process, which requires at least two types of authentication before access to an account is granted, to be a very good solution, which is why it is now a prerequisite for cyber insurance.
MFA, or two-step authentication, is now a prerequisite for cyber insurance.
In practice, this means criminals need more than just your login credentials to be able to fully hack your account -whether that’s a personal email or business server.
The good news is that research suggests that accounts with MFA are 99.9% less likely to be compromised than their counterparts without this additional layer of security. We know that password theft happens all too frequently, so it’s basic common sense to beef up security and add extra steps to your authentication processes.
Authentication vs User Experience
Of course, for many businesses, there is concern that using MFA can result in a reduced user experience and potentially even productivity loss – and of course it’s important to find a good balance. After all, some security tools have focused on safety and security with little regard for user experience in the past.
This is often the case when system users face multiple authentication codes and other ways to confirm their account access – there is a higher risk of failure and frustration. inWebo’s MFA solution, thanks to its Deviceless and Passwordless technology, provides seamless and yet very secure user login experience.
inWebo's unique multifactor authentication solution uses the web browser as the trusted "device" to authenticate access securely (browser token technology). This means that end users don’t need to have a physical key, smartphone or even a company-owned computer to authenticate and access their apps, and installing specific hardware or software is a thing of the past.
Meet your Cyber Insurance requirement with a passwordless MFA
The realities of the world we live in mean that workplace access to technology and the security of that technology has never been more important and for the cyber insurance market, this has meant a significant shift in both premiums and their coverage requirements.
The inWebo solution will help you meet those new requirements set out by cyber insurance providers in a way that is both straightforward and accessible to all. Importantly, it is also available immediately.
Providing excellent protection phishing attacks (it’s worth noting that it’s the only token that can verify the legitimacy of the URL on which authentication is attempted), it also ensures secure multi-user connections which is useful for shared computers. For businesses keen to promote BYOD, deviceless MFA will support the shift and comes with the added benefit of greater security.
Perhaps most reassuring of all, the inWebo solution is both simple and quick to implement – there’s nothing to install, it can be deployed in just a few clicks and with no need for human contact. All this and peace of mind that it provides the highest level of security on the market.
So, if you find yourself on the receiving end of new security requirements from your cyber insurance provider, the ultra-secure inWebo solution could be the answer you’re looking for.
Our latest news
Combining CIAM and MFA CIAM orchestration: how to make the MFA user experience smootherWith the combination of TrustBuilder CIAM orchestration and inWebo strong authentication MFA, you will be able to...
The increasing adoption of multi-factor authentication (MFA) has prompted phishers to develop even more sophisticated solutions to further their operations...
inWebo acquires TrustBuilder to bring adaptive and orchestrated Identity and Access Management solution to market
inWebo acquires TrustBuilder, specialist in CIAM (Customer Identity and Access Management). This transaction will allow the pure player in multi-factor authentication (MFA) to serve even more customers...