To address and insulate themselves from the growing trend of cyber security breaches, more businesses are turning to insurance agencies for cyber insurance policies. While these policies have been around in some form since the late 1990s, the fast growing threat landscape and comparative youth of these policies means that rates and limits have fluctuated wildly as underwriters attempt to understand the risks and controls that insurees can enact. From the outside, it can appear to be similar to the “wild west” with spikes in premiums, sudden limits in coverage, and new and more stringent requirements to even classify for a policy.
As insurers better attempt to quantify and control for loss, the security policy and posture of customers looking for policies is often inspected. Customers who rely solely on traditional passwords [and soon legacy multi-factor authentication (MFA) tools] are no longer eligible to qualify for cyber insurance. Adopting modern, phishing-resistant MFA tools, including security keys like the YubiKey, will soon become mandatory to qualify for many cyber insurance policies and the best premiums. This is why we’re currently seeing a shift in how businesses are approaching cyber insurance around the world.
Tackling cyber threats through cyber insurance backed with YubiKeys
Legacy authentication such as mobile-based MFA introduces risk when users become conditioned to hitting ‘approve’ for every request to authenticate (causing MFA fatigue) or are tricked by attacker-in- the-middle (AiTM) phishing attacks. However, the fault for these risks lies not with the user, but with legacy authentication. When it came time to replace legacy authentication, customer engagement specialist Afni knew that YubiKeys delivered phishing-resistant MFA that is needed for strong security and to qualify for the best cyber insurance premiums.
The YubiKey is a modern, multi-protocol hardware security key that enables FIDO and smart card-based phishing-resistant MFA and passwordless authentication at scale. As the only solution proven to stop 100% of account takeovers in independent research, the YubiKey offers strong authentication with a fast and easy user experience and addresses the stringent compliance needs of organizations at scale. Further, the YubiKey reduces risk associated with new ways of working that involve remote or hybrid work environments.
In a market where premiums have been on the rise, not only did Afni qualify for continued coverage, but the underwriters were also willing to compete on price.
“In the end, Afni received insurance at a 30% decrease from its previous level. When I’m going down by a third and others are going up by 20% or higher, that’s a really big win,” said Brent Deterding, chief information security officer (CISO), Afni. “In fact, I estimate our premiums are nearly half of what others are having to pay.”
New cyber policy from Generali highlights future of cyber insurance
In addition to companies making adjustments to how they approach security for cyber insurance premiums, insurance companies themselves are aiming to greatly improve their offerings to be able to offer the most secure, easy-to-use solutions to their customers.
Generali, one of the largest global insurance and asset management providers in the world, believes that FIDO U2F/FIDO2 security keys are a critical, strong MFA solution to help their customers stay secure and reduce the risk from sophisticated cyberattacks. This is why Generali Poland recently unveiled a new cyber policy – called CyberRED – which gives customers in Poland a base package of 10 YubiKeys, with more options available for enterprise customers.
“Thanks to cooperation with MCX Group and Yubico, Generali is introducing an innovation in cyber insurance to the market – enhancing insurance protection with a risk prevention element in the form of FIDO U2F/FIDO2 keys,” said Michał Balwiński, cyber practice leader at Generali Polska. “I believe that brokers and customers will appreciate this solution, as it provides real protection in the face of a constantly growing cyber threat.”
“We are very pleased with our cooperation with Generali and MCX Group,” said Marcin Majchrzak, sales manager at Yubico. “This partnership enables us to continue our mission to educate users about cybersecurity threats and make the internet safer for everyone. We believe that our innovative technology and experience in the field of security will contribute to a significant reduction in cyber risk for Generali’s customers.”
Shopping for cyber insurance? Be sure to ask these six important questions before you call the insurer.