New Mandatory Requirement For Cyber Insurance

Oct 19, 2021

During the past year, ransomware attacks and other cyber breaches have skyrocketed leading to significant changes in the cyber insurance marketplace. Historically, obtaining cyber insurance was simple and renewals were a matter of updates based on major changes within an organization. Fast forward to now and notable shifts in insurance policies and regulations are taking shape. Underwriters are now asking for more information related to cyber controls and IT risk management.

Multi-Factor Authentication (MFA)

Multi-Factor Authentical (MFA) is now a minimum requirement for cyber insurance through most carriers. The message, if you have not incorporated MFA into your current IT environment, your organization may be considered a high risk which would disqualify you from coverage.

MFA provides an additional layer of security above and beyond your traditional password protection. It requires users to validate their identity with additional credentials. These credentials could be the answer to a security question, the click of a button in an app for approvals, or even a biometric identifier such as a fingerprint. This extra layer of protection stops attackers as they won’t be able to access an account without all required credentials, even if they have stolen a password. The additional proof points confirm the person attempting to enter the system is truly who they say they are.

According to both Microsoft, ‘up to 99% of cyber identity attacks can be prevented with MFA’. Google has also supported this with their research ‘which shows that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks.’

If you already have cyber insurance you more than likely will find stricter requirements during your renewal. If you are in the market for cyber insurance, you will need to incorporate MFA before you seek coverage. Carrier data proves those without MFA are at a much higher risk for extortion and therefore coverage is not obtainable.

Our WVC Technologies team can assist with your MFA initiatives to help you: one, qualify for cyber insurance quotes from multiple carriers, and two, help reduce your claims activity which can improve your insurance pricing.

Connect With Us.

Greg Gomach, WVC Technologies Senior Client Rep.

greg.gomach@dmctechgroup.com

Categories: Risk Services


SBA Data Exposure Highlights the Need for Cybersecurity Programs

Apr 23, 2020

On April 21, 2020, news sources* revealed the Small Business Administration (SBA) notified 8,000 applicants of the Economic Injury Disaster Loan (EIDL) program of a data exposure on the application website. The exposure, which occurred briefly on March 25, may have permitted applicants to view Personally Identifiable Information (PII) of other applicants. Current reports reveal the disclosure included names, Social Security numbers, tax identification numbers, addresses, dates of birth, emails, phone numbers, marital and citizenship statuses, household sizes, incomes, financial and insurance information.

If you learn you have been impacted by the data exposure, the Federal Trade Commission has provided specific guidance with checklists on their website for Identity Theft. The actions described in their checklists are based on the type of data loss. Please refer to this website on how to protect yourself.

It is unfortunate to have a data exposure during an already stressful time, but it further demonstrates the continued need for cybersecurity programs. WVC Technologies is here to assist you in making sure your company is operating securely whether it be updating your remote working policies, implementing a security practice, or preparing a business continuity plan.

*CNBC was the first to report on the data exposure from the SBA. For a full report, please see this article.

Connect With Us.

Tiffany Pollard, CISA

Risk Services Practice Leader

tiffany.pollard@wvco.com

 

Categories: Risk Services