Media Center


Cyber Hygiene is Critical to Obtaining Cyber Liability Coverage

July 20, 2021

Increased cyber claims have necessitated the insurance carriers to scrutinize cybersecurity controls with an increasingly rigorous underwriting process. We are seeing premium increases 60 percent to 100+ percent. As insurance carriers focus on controls, cyber hygiene is crucial to securing cyber liability insurance coverage, and Multi-Factor Authentication (MFA) is essential.

Multifactor Authentication (MFA) is two authenticating factors to verify the identity of an individual. For example, password and app or password and biometric identification such as your fingerprint. Your organization should use MFA for the following:

  • Remote access for all employees and corporate users
  • Email access of non-corporate device or web app
  • Privileged/administrative access

If you do not have MFA in place, options for coverage will be limited or non-existent. MFA takes time to implement, so if you do not have this control in place, please take action immediately.


(Sources: Coveware, FBI Internet Report 2020)

Here are some questions to ask your IT team:

  • Do we use Multi-Factor Authentication (MFA) for:
    • To access email through a web app on a non-corporate device?
    • To protect privileged/ administrative user accounts?
    • Remote access to our network?
  • Have we phased out end of life or end of support software?
  • Do we filter emails for malicious content or links?
  • Are our backups encrypted?

If you answered “no” to any of the questions above, then we should discuss the impact of your cyber liability terms. Oswald is here to help, and we have resources that can support you in creating a roadmap for changes.

For more information visit our Cyber Risk page or contact me directly:

Lacy Rex
Cyber Strategic Leader


Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.