Cyber insurance requirements
Growing incidents of cybersecurity breaches have led to a critical need for phishing-resistant MFA.
The cyber insurance landscape is quickly changing.
Massive financial payouts have been caused by cybersecurity breaches.
A cybersecurity breach can have catastrophic implications for the affected organization. It translates to downtime and lost opportunity, and significantly impacts cyber insurance providers as well. The steady growth in cyber attacks have impacted existing cyber insurance risk models, largely due to the massive and repetitive financial payouts cyber insurance companies are increasingly facing. As a result, cyber insurance providers have raised the bar for security for companies before they can be insured, with premiums having gone up anywhere from 50-100%.
Watch the Webinar
Come learn new cyber insurance requirements and ways to adopt true phishing-resistant MFA that keeps your business and users protected.
Organizations need to do better than passwords.
Cyber insurance has new MFA requirements.
It’s just become too easy for an attacker to steal credentials and work from the inside. Using relatively simple technology, malicious actors can cause serious financial and reputational damage. And passwords are not enough, often at the root of 80% of security breaches.
The May 2021 Biden executive order urged all Federal as well as State and Local agencies, and any private sector organization serving these agencies to modernize cybersecurity with phishing-resistant multi-factor authentication (MFA). And cyber insurance companies are increasingly requiring that MFA be in place before qualifying companies for cyber insurance.
Any MFA is better than a password, but not all MFA is phishing-resistant.
Most traditional MFA methods are insecure. Legacy MFA such as SMS, one time passwords, and even mobile push authenticators are susceptible to account takeover attacks from phishing and man-in-the-middle attacks.
Organizations need modern MFA that involves either Smart card/PIV or modern FIDO authentication. Hardware security keys based on these methods can stop account takeovers in their tracks and prevent ransomware and other modern threat vectors.
Shopping for cyber insurance?
6 Questions to ask before you call the insurer
Reduce risk with YubiKeys—phishing-resistant MFA.
Establish trust with Zero Trust
The zero trust model involves verifying the identity of every user and device attempting to access network resources, whether inside or outside the network perimeter. Adopting strong authentication and phishing-resistant MFA as core building blocks of your zero trust strategy will jump start you on your way to enhancing the security posture of the organization with strong identity proofing and verification.
YubiKeys can help you prevent network access with stolen passwords or weak forms of MFA. Your organization can strictly enforce access controls, learn who users are, what devices and applications they are using, and how they are connected to the network so that unusual behavior can be detected. Learn who users are, what devices and applications they are using, and how they are connected to the network so that unusual behavior can be detected.
Reduce financial, legal and reputational risk
The cost of global cybercrime is expected to be $10.5 trillion by 2025 despite companies spending hundreds of billions of dollars to strengthen their cybersecurity postures.
Most basic forms of MFA, such as SMS and mobile-based authenticators, are highly phishable and vulnerable to man-in-the-middle (MiTM) attacks. These methods do not achieve the strongest levels of phishing defense delivered by purpose-built hardware security keys. So if your users are using these methods to verify their identity, you are leaving yourself open to a cyber breach, and may not qualify for the best cyber insurance premiums. Consider YubiKeys for authentication to stay protected against modern threats and to develop a strong and trusted standing with your cyber insurance provider.
Phishing-resistant protection in minutes
User adoption of new technology that heightens security is a critical part of the equation. Deliver a highly secure solution that verifies user identity, but with a fast and easy user experience.
Many organizations have successfully eliminated account takeovers with YubiKeys, with a simple touch or tap. And users can also experience secure passwordless login that reduces user friction.
Get Phishing-resistant protection in minutes with nothing for the user to download. And, once using the YubiKey, even if a user is tricked into giving up their personal info to a phishing email or fake website, the YubiKey isn’t fooled and will halt authentication. User credentials are built on strong public-key cryptography and bound to the service, offering account takeover protection by ensuring that only the real site can authenticate with a key.
“Having strong authentication is a foundational security component of a Zero Trust architecture. Yubico and YubiKeys help fill the gap, for example, where weak passwords have been used, by providing validated, phishing-resistant security keys.”
Learn more about Zero Trust and phishing-resistant MFA
Delivering strong authentication at scale
Thousands of companies and millions of end users use YubiKeys to simplify and secure logins to computers, internet services, and mobile apps. Our customers include 9 of the top 10 internet companies, 5 of the 10 leading financial and retail companies, and several of the largest governmental entities around the world.
Hear what our customers are saying
Risk reduction, business growth, and efficiency enabled by YubiKeys
Read the Forrester Consulting study commissioned by Yubico and see how a composite organization reduced risk by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.
YubiEnterprise Subscription: peace of mind and flexibility for less than a cup of coffee per user/month
YubiEnterprise Subscription simplifies purchase and support while also providing financial benefits. Estimate your potential savings as compared to one-time perpetual purchasing model