• Cyber insurance requirements

    Growing incidents of cybersecurity breaches have led to a critical need for phishing-resistant MFA.
    Read the solution brief
    Home » Solutions » Cyber Insurance requirements

    The cyber insurance landscape is quickly changing.

    Massive financial payouts have been caused by cybersecurity breaches.

    A cybersecurity breach can have catastrophic implications for the affected organization. It translates to downtime and lost opportunity, and significantly impacts cyber insurance providers as well. The steady growth in cyber attacks have impacted existing cyber insurance risk models, largely due to the massive and repetitive financial payouts cyber insurance companies are increasingly facing. As a result, cyber insurance providers have raised the bar for security for companies before they can be insured, with premiums having gone up anywhere from 50-100%.


    cyber insurance white paper cover

    Meeting enhanced cyber insurance requirements with strong authentication

    Read this white paper to learn about the changing cyber threat landscape, evolving cyber insurance requirements and the best practices to position your organization in the best way to qualify for cyber insurance as requirements become increasingly stringent.


    Watch the Webinar

    Come learn new cyber insurance requirements and ways to adopt true phishing-resistant MFA that keeps your business and users protected.

    YubiKey plugged inside laptop

    Organizations need to do better than passwords.

    YubiKey 5C NFC next to iphone
    Cyber insurance has new MFA requirements.

    It’s just become too easy for an attacker to steal credentials and work from the inside. Using relatively simple technology, malicious actors can cause serious financial and reputational damage. And passwords are not enough, often at the root of 80% of security breaches.

    The May 2021 Biden executive order urged all Federal as well as State and Local agencies, and any private sector organization serving these agencies to modernize cybersecurity with phishing-resistant multi-factor authentication (MFA). And cyber insurance companies are increasingly requiring that MFA be in place before qualifying companies for cyber insurance.

    authenticator codes on mobile
    Any MFA is better than a password, but not all MFA is phishing-resistant.

    Most traditional MFA methods are insecure. Legacy MFA such as SMS, one time passwords, and even mobile push authenticators are susceptible to account takeover attacks from phishing and man-in-the-middle attacks.

    Organizations need modern MFA that involves either Smart card/PIV or modern FIDO authentication. Hardware security keys based on these methods can stop account takeovers in their tracks and prevent ransomware and other modern threat vectors.

    Shopping for cyber insurance?

    6 Questions to ask before you call the insurer

    Reduce risk with YubiKeys—phishing-resistant MFA.

    yubikey bios plugged into laptops
    Establish trust with Zero Trust

    The zero trust model involves verifying the identity of every user and device attempting to access network resources, whether inside or outside the network perimeter. Adopting strong authentication and phishing-resistant MFA as core building blocks of your zero trust strategy will jump start you on your way to enhancing the security posture of the organization with strong identity proofing and verification.

    YubiKeys can help you prevent network access with stolen passwords or weak forms of MFA. Your organization can strictly enforce access controls, learn who users are, what devices and applications they are using, and how they are connected to the network so that unusual behavior can be detected. Learn who users are, what devices and applications they are using, and how they are connected to the network so that unusual behavior can be detected.

    security breach notification on mobile
    Reduce financial, legal and reputational risk

    The cost of global cybercrime is expected to be $10.5 trillion by 2025 despite companies spending hundreds of billions of dollars to strengthen their cybersecurity postures.

    Most basic forms of MFA, such as SMS and mobile-based authenticators, are highly phishable and vulnerable to man-in-the-middle (MiTM) attacks. These methods do not achieve the strongest levels of phishing defense delivered by purpose-built hardware security keys. So if your users are using these methods to verify their identity, you are leaving yourself open to a cyber breach, and may not qualify for the best cyber insurance premiums. Consider YubiKeys for authentication to stay protected against modern threats and to develop a strong and trusted standing with your cyber insurance provider.

    YubiKey 5C NFC plugged into laptop
    Phishing-resistant protection in minutes

    User adoption of new technology that heightens security is a critical part of the equation. Deliver a highly secure solution that verifies user identity, but with a fast and easy user experience.

    Many organizations have successfully eliminated account takeovers with YubiKeys, with a simple touch or tap. And users can also experience secure passwordless login that reduces user friction.

    Get Phishing-resistant protection in minutes with nothing for the user to download. And, once using the YubiKey, even if a user is tricked into giving up their personal info to a phishing email or fake website, the YubiKey isn’t fooled and will halt authentication. User credentials are built on strong public-key cryptography and bound to the service, offering account takeover protection by ensuring that only the real site can authenticate with a key.


    “Having strong authentication is a foundational security component of a Zero Trust architecture. Yubico and YubiKeys help fill the gap, for example, where weak passwords have been used, by providing validated, phishing-resistant security keys.”
    John KindervagCreator of Zero Trust

    Learn more about Zero Trust and phishing-resistant MFA

    Yubico Q&A with John Kindervag, creator of Zero Trust

    hands on laptop

    Securing privileged users and accounts with phishing-resistant MFA


    Delivering strong authentication at scale

    Thousands of companies and millions of end users use YubiKeys to simplify and secure logins to computers, internet services, and mobile apps. Our customers include 9 of the top 10 internet companies, 5 of the 10 leading financial and retail companies, and several of the largest governmental entities around the world.


    Hear what our customers are saying

    New York Air National Guard is introducing the YubiKey for high-assurance network authentication

    man working on tablet

    Schneider Electric enhances global supply chain security with Yubico

    Department of Defense contractor agencies heighten security


    Risk reduction, business growth, and efficiency enabled by YubiKeys

    A recent Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Yubico found that a composite organization representative of interviewed customers who use YubiKeys reduced risk of successful phishing and credential theft attacks by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.

    BUT…. all organizations are different. Enter your own company data to create a custom Dynamic TEI study and instantly see how Yubico’s solutions can help your organization!

    TEI Forrester report

    YubiEnterprise Subscription: peace of mind and flexibility for less than a cup of coffee per user/month

    YubiEnterprise Subscription simplifies purchase and support while also providing financial benefits. Estimate your potential savings as compared to one-time perpetual purchasing model


    Get started

    YubiKey 5 series

    Find the right YubiKey

    Contact our sales team for a personalized assessment of your company’s needs.

    Get protected today

    Browse our online store today and buy the right YubiKey for you.