multi-factor authentication finger print image

Multi-Factor Authentication – Cyber Claims

Usernames and passwords are no longer enough to stand up to hackers with sophisticated software and techniques. Adding multi-factor authentication (MFA) is a little like adding an alarm system, only far easier. Simply by adding multiple means of identification before granting access, you can block the majority of hackers. This is excellent news because small and medium businesses pay an average of $175,000 per cyber breach, driving 60% of these businesses to close within six months of the attack. Prevention and comprehensive cyber liability coverage are essential for ourselves, our clients, and our companies. Keep reading to learn how you can protect your business.


Cybercriminals are now:

  • using automated bots to attack accounts
  • creating elaborate phishing schemes to trick people into handing over information
  • launching targeted attacks on unsuspecting victims


Attacks on small and medium-sized businesses continue to climb, an estimated 70% of cyber attacks now target small businesses. More than 90% of ransomware victims did not have MFA enabled. MFA uses two or more authentication factors to verify the identity of users before they gain access. Just one additional layer of security can deter hackers and block breaches.


Common targets include remote network access and remote access to email. Sometimes users use the same passwords for different sites, so if one is breached, others become susceptible. Other times, user IDs or passwords are posted to the Dark Web by disgruntled staff. Or an employee falls for a phishing scam and inadvertently releases sensitive information.


Recent news stories of cyber attacks on large institutions include:

  • A ransomware attack on Australian healthcare service provider Uniting Care Queensland (UCQ) accessed some of UCQ’s technology systems
  • A targeted attack breaching data on police informants kept by Washington DC’s Metropolitan Police Department
  • Sierra Wireless fell victim to ransomware that affected internal IT systems and halted production
  • An unauthorized party accessed Canadian retailer Home Hardware’s corporate data


As cyber liability insurers face higher claims losses than in previous years, premiums increase, and the terms of coverage tighten (underwriters must be vigilant).


The additional layer of security provided by MFA might include a combination of two or more:

  • A password or answer to a question that only the user would know
  • A token or smartcard
  • SMS text verification
  • Google authenticator
  • A security badge
  • A fingerprint or retina scan because biometric identification establishes the identity of the user
  • Privileged administrative access (elevated privileges ensuring that only certain levels of entry can gain access to a network)


MFA is an essential step in reducing the risk and cyber liability of data theft, ransomware attacks, and network breaches. Research suggests that MFA successfully blocks up to 99.9% of hacking attempts.


Do you have questions about cyber liability insurance? Contact the knowledgeable insurance specialists at CSRisks.