Along with the growing adoption of cloud, SaaS applications have accounted for more than triple of the account-takeover attacks between 2019 and 2021, alone. Any given breach can potentially bankrupt many small businesses, with average costs reaching USD 4.35 million in 2022, according to a 2022 IBM report.

Every business, no matter its size, must minimise these risks by deploying a range of cybersecurity tools and procedures. One of the most important elements is multifactor authentication (MFA). Some cyber insurance companies mandate MFA as a prerequisite for coverage and others will lower their premiums for companies that have deployed it. These insurers know how much more secure the enterprise is when multiple different verification methods are used for logging into accounts and applications.

Importance of Cyber Insurance

Cyber insurance has become a must-have for organisations that deploy and rely on digital systems. Small businesses are especially vulnerable to cyber threats since few have invested in the necessary security tools to defend against network breaches, scams and other types of cybercrime.

Cyber insurance has become a must-have for organisations that deploy and rely on digital systems

The good news is that cyber insurance policies are widely available and offer a broad range of coverage options. Some will pay the costs of direct expenses associated with a network attack as well as legal costs, including litigation defense payments, if the business could not meet contractual obligations because of the breach.

Cyber insurance premiums

Policies may also cover the cost of losing and then restoring access to technology after a breach. Policies may even cover the costs of transfer payment fraud caused by social engineering, as well as profit losses from reputational damage, although this can be restricted to a finite period of time.

Depending on the coverage that is selected, cyber insurance premiums can be expensive, and a policy does not replace the solid foundation of an underlying cybersecurity framework. A foundation that includes MFA will help to stop cybercrime before it is committed while also making it easier to acquire and reduce the costs of cyber insurance. In fact, MFA is now one of the most common conditions for obtaining cyber insurance because of its proven ability to help prevent account takeover attacks and stop identity-related data breaches.

Multifactor authentication overview

The MFA ‘factors’ for confirming identity during login typically include something the user knows

The MFA ‘factors’ for confirming identity during login typically include something the user knows (like a pin), something the user has (like a secure device), and something the user ‘is’ (like presenting a fingerprint or face scan to a reader or camera).

Using these factors when accessing sensitive applications, systems, and data helps prevent attackers from compromising accounts. This is true even if the attacker has somehow tricked legitimate users into providing usernames and passwords through phishing schemes, in which seemingly legitimate emails are used to harvest this information.

Preventing unauthorised access

These types of attacks can be launched at scale and put millions of organisations at risk around the world. Some insurance providers simply will not cover them. They know that MFA can help organisations avoid these ‘user error’ attacks through authentication policies that prevent unauthorised access to any of the organisation's networks, applications and devices, wherever they are located.

The U.S. government has also required that all federal agencies use MFA

Insurers aren't the only ones recommending and even mandating MFA. The U.S. government has also required that all federal agencies use MFA, per the Executive Order On Improving the Nation's Cybersecurity signed by U.S. President Joe Biden in May 2021. A similar recommendation has been made in Europe as part of ENISA guidelines.

The barriers to MFA adoption by SMBs

One might wonder why over 40% of small and medium size business(SMBs) in the United States don’t have a cybersecurity plan in place and why less than 15% of the ones that do have a plan, consider it to be inadequate.

According to the Cyber Readiness Institute, when we dive deeper into the details, there are three key barriers to MFA adoption:

  • Lack of Awareness — 55% of SMBs are reported to remain unprotected because they’re simply unaware of MFA and its benefits to their organisation.
  • Limited Understanding — Beyond a lack of awareness, 30% of business owners said they don’t utilise MFA because they simply don’t know how it works. In addition to the fundamental functionality, there are a variety of MFA options to consider, including a range of form factors that can be utilised to best meet an organisation’s needs.
  • Perceived Inconvenience — 20% of SMBs believe MFA is too inconvenient, when in reality, we’re all more familiar with the concept than we think.

How smaller businesses can best implement MFA

SMBs should see MFA as a fundamental piece of a larger cybersecurity puzzle

SMBs should see MFA as a fundamental piece of a larger cybersecurity puzzle by allowing them to quickly and easily increase security and convenience.

MFA isn’t only about security, its also about convenience. Implementing MFA allows organisations to eliminate reliance on passwords, which can significantly improve user experience. So what should decision-makers know about MFA in order to implement it for their SMB?

  • Ease of Use — The right MFA solution should offer a variety of authentication methods, but should also be easy to adopt and use across the organisation.
  • Multiple Methods and Form Factors — Determine the best combination of authentication methods and form factors. Some providers offer only a small selection, which can tie you down to very basic and inflexible options that do not fully meet your users unique needs.
  • Easy Deployment and Management — Time is money, especially for SMBs. Some solutions can take months to deploy, require extensive training and new installation codes, as well as potential overhauls to existing applications. Look for a solution that can be up and running in days.
  • A Complete Solution — Any MFA solution should provide comprehensive security across all of your assets, including your PCs, mobile devices, applications and networks
  • Compliance — Compliance impacts businesses of all sizes. As such, be sure to find a provider that meets evolving industry standards, including data protection such as GDPR and CCPA.
  • Adaptability — As your business grows, your security needs will also evolve, with some users or parts of your business requiring more security than others. Make sure your provider allows you to scale and adjust accordingly to offer the right security for the right users.

Blocking cybercriminal attempts

Leading and growing a smaller business is a big challenge. Fortunately, adopting MFA provides a safety net to help block cybercriminal attempts, protect your business’ reputation and most importantly, help protect your bottom line.

MFA should be the foundation for any robust security strategy and many cyber insurance companies now require it to reduce premiums and even qualify for coverage. For best results, organisations should choose a solution that is easy to deploy, offers a broad range of authentication options and form factors, and gives users a smooth and convenient authentication experience.

Download PDF version Download PDF version

Author profile

Eric Williams Senior Solutions Architect, HID

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?