Cyber insurance requirements

Growing incidents of cybersecurity breaches have led to a critical need for phishing-resistant MFA.
woman in front of computer screen

The cyber insurance landscape is quickly changing.

Massive financial payouts have been caused by cybersecurity breaches.

A cybersecurity breach can have catastrophic implications for the affected organization. It translates to downtime and lost opportunity, and significantly impacts cyber insurance providers as well. The steady growth in cyber attacks have impacted existing cyber insurance risk models, largely due to the massive and repetitive financial payouts cyber insurance companies are increasingly facing. As a result, cyber insurance providers have raised the bar for security for companies before they can be insured, with premiums having gone up anywhere from 50-100%.

Watch the Webinar

Come learn new cyber insurance requirements and ways to adopt true phishing-resistant MFA that keeps your business and users protected.

YubiKey plugged inside laptop

Organizations need to do better than passwords.

YubiKey 5C NFC next to iphone
Cyber insurance has new MFA requirements.

It’s just become too easy for an attacker to steal credentials and work from the inside. Using relatively simple technology, malicious actors can cause serious financial and reputational damage. And passwords are not enough, often at the root of 80% of security breaches.

The May 2021 Biden executive order urged all Federal as well as State and Local agencies, and any private sector organization serving these agencies to modernize cybersecurity with phishing-resistant multi-factor authentication (MFA). And cyber insurance companies are increasingly requiring that MFA be in place before qualifying companies for cyber insurance.

authenticator codes on mobile
Any MFA is better than a password, but not all MFA is phishing-resistant.

Most traditional MFA methods are insecure. Legacy MFA such as SMS, one time passwords, and even mobile push authenticators are susceptible to account takeover attacks from phishing and man-in-the-middle attacks.

Organizations need modern MFA that involves either Smart card/PIV or modern FIDO authentication. Hardware security keys based on these methods can stop account takeovers in their tracks and prevent ransomware and other modern threat vectors.

Shopping for cyber insurance?

6 Questions to ask before you call the insurer

Reduce risk with YubiKeys—phishing-resistant MFA.

yubikey bios plugged into laptops
Establish trust with Zero Trust

The zero trust model involves verifying the identity of every user and device attempting to access network resources, whether inside or outside the network perimeter. Adopting strong authentication and phishing-resistant MFA as core building blocks of your zero trust strategy will jump start you on your way to enhancing the security posture of the organization with strong identity proofing and verification.

YubiKeys can help you prevent network access with stolen passwords or weak forms of MFA. Your organization can strictly enforce access controls, learn who users are, what devices and applications they are using, and how they are connected to the network so that unusual behavior can be detected. Learn who users are, what devices and applications they are using, and how they are connected to the network so that unusual behavior can be detected.

security breach notification on mobile
Reduce financial, legal and reputational risk

The cost of global cybercrime is expected to be $10.5 trillion by 2025 despite companies spending hundreds of billions of dollars to strengthen their cybersecurity postures.

Most basic forms of MFA, such as SMS and mobile-based authenticators, are highly phishable and vulnerable to man-in-the-middle (MiTM) attacks. These methods do not achieve the strongest levels of phishing defense delivered by purpose-built hardware security keys. So if your users are using these methods to verify their identity, you are leaving yourself open to a cyber breach, and may not qualify for the best cyber insurance premiums. Consider YubiKeys for authentication to stay protected against modern threats and to develop a strong and trusted standing with your cyber insurance provider.

YubiKey 5C NFC plugged into laptop
Phishing-resistant protection in minutes

User adoption of new technology that heightens security is a critical part of the equation. Deliver a highly secure solution that verifies user identity, but with a fast and easy user experience.

Many organizations have successfully eliminated account takeovers with YubiKeys, with a simple touch or tap. And users can also experience secure passwordless login that reduces user friction.

Get Phishing-resistant protection in minutes with nothing for the user to download. And, once using the YubiKey, even if a user is tricked into giving up their personal info to a phishing email or fake website, the YubiKey isn’t fooled and will halt authentication. User credentials are built on strong public-key cryptography and bound to the service, offering account takeover protection by ensuring that only the real site can authenticate with a key.


“Having strong authentication is a foundational security component of a Zero Trust architecture. Yubico and YubiKeys help fill the gap, for example, where weak passwords have been used, by providing validated, phishing-resistant security keys.”
John KindervagCreator of Zero Trust

Learn more about Zero Trust and phishing-resistant MFA

Yubico Q&A with John Kindervag, creator of Zero Trust

hands on laptop

Securing privileged users and accounts with phishing-resistant MFA

Delivering strong authentication at scale

Thousands of companies and millions of end users use YubiKeys to simplify and secure logins to computers, internet services, and mobile apps. Our customers include 9 of the top 10 internet companies, 5 of the 10 leading financial and retail companies, and several of the largest governmental entities around the world.


Hear what our customers are saying

New York Air National Guard is introducing the YubiKey for high-assurance network authentication

man working on tablet

Schneider Electric enhances global supply chain security with Yubico

Department of Defense contractor agencies heighten security

Get started

YubiKey 5 series

Find the right YubiKey

Contact our sales team for a personalized assessment of your company’s needs.

Get protected today

Browse our online store today and buy the right YubiKey for you.