As cyber threat actors continue to innovate and find new ways to increase their odds of success, panelists at the 2022 Advisen Cyber Risk Insights Conference urged underwriters to raise the stakes when assessing insureds’ cyber exposure. One specific area of cybersecurity that has taken the spotlight with underwriters recently is multi-factor authentication, or MFA. But experts said most underwriters aren’t asking the right questions.
“When we ask people, ‘Hey, how’s your MFA?’ we also ask about exceptions. [We ask], ‘Who is exempt from this?'” said Eric Skinner, vice president of market strategy at TrendMicro. “And you may not be surprised to hear that frequently it’s executives who say, ‘Oh, I don’t want the inconvenience.’ Of course, they’re the ones who probably need it the most. So, with these broad questions in the insurance questionnaires asking, ‘Do you have MFA? Yes or no?’ we found there was a whole big gray area in between the yeses and the nos.”