The process for underwriting cyber insurance has evolved considerably in the past five years. Some insurance carriers are relying on black-and-white responses to complex questions and using those responses to limit or even deny coverage. Even if you read the submission questions carefully and answer in good faith, you may still find your coverage restricted or rejected. While the cyber environment continues to transform at a breakneck pace, it’s still troubling to see otherwise ideal clients and businesses on the receiving end of a declination.
While a variety of factors determine cyber liability coverage applicability, one best practice has become a primary cause of concern for carriers: multi-factor authentication.
What Is Multi-Factor Authentication?
Even if this is the first time you’ve heard of multi-factor authentication, you’ve likely encountered it while using phone apps and signing into websites.
When you enter your username and password to log into your accounts, you’re taking part in the process called authentication. By entering your credentials, you are proving who you are to the website or company. Unfortunately, usernames are often easy to guess and people sometimes choose weak passwords, or even worse, reuse passwords. If a weak password is all that’s standing between your account information and a hacker, the odds aren’t exactly in your favor.
That’s where multi-factor authentication, often abbreviated to MFA, comes in. Sometimes called two-factor authentication, MFA adds an additional layer of safekeeping to your account by requiring another factor to authenticate, such as entering a code texted to your phone number or an answer to a security question. If a bad actor has your username and password, having MFA on your accounts acts as an extra barrier between them and your information.
MFA Can Make or Break Your Cyber Insurance Application
In our personal lives, MFA can be as simple as activating facial recognition to log into your bank app or using an obscure answer for a security question. But for businesses, especially large or complex organizations, streamlining your MFA strategy across a wide range of applications and software can be challenging. What works for one app or brand may not work for another, resulting in a tangled web of MFA approaches that can be frustrating for leaders, employees, and clients.
So, how does this apply to carrier applications for insurance? Many applications now ask if MFA is enabled across email and other systems used by your organization. As carriers offering cyber insurance know all too well, a data breach is not only dangerous for those whose information is compromised – it’s very expensive to fix. Reputational damage, improved security infrastructure, regulatory consequences, and even paying ransom to retrieve the stolen data add up fast.
Even if you have cyber insurance, your carrier could seek to rescind (or void) coverage over an alleged misrepresentation of MFA implementation. A recent legal case illustrated this very situation and led to the insured’s policy being declared null and void due to the company’s misrepresentation of MFA use on their insurance application. As cyber attacks become an increasingly common phenomenon, carriers will reconsider their risk appetite when it comes to potential insureds who aren’t using MFA effectively, if at all.
Our Experts Can Help You With Cyber Insurance
Navigating the insurance industry can already feel intimidating, and understanding the complexities of cyber insurance might seem impossible. You need a partner who understands your business – that’s where Holmes Murphy comes in. Our Cyber team is ready to discuss your unique environment and help you develop nuanced responses to insurance application questions when a simple answer won’t suffice. If you’re ready to learn more, reach out today and let’s get started!