Insurance firms have been requiring MFA more and more in order to receive cyber coverage. Recently, Travelers, took it to a new level. According to the Insurance Journal, Travelers went to a district court to rescind a policy due to the holder, allegedly, not being truthful about their use and implementation of MFA.
After the then insured organization suffered a ransomware attack it was allegedly brought to light that they “only used MFA to protect (their) firewall and did not use MFA to protect any other digital assets.” In their application for cyber insurance coverage, the organization confirmed that they “used MFA for administrative or privileged access.” Travelers alleges that the organization misrepresented their use of MFA and should no longer receive coverage.
At BlueOrange we urge the use of MFA across the board. It can be a lift to implement and get users used to the change, but it will certainly be worth it in the long run!