Get the inside scoop with LoginTC and learn about relevant security news and insights.

Cybersecurity Insurance and MFA Attestations: Everything You Need To Know

December 13, 2021Victoria Savage

Has something like this happened to you recently? Your cybersecurity insurance is up for renewal, or perhaps you’re looking into purchasing some for the first time following a ransomware attack, and your insurer comes back to you with a surprising answer: fill out this MFA attestation form, or your premiums are going up. Depending on your risk profile, maybe you’ve even been denied coverage entirely.

What is this new requirement and why are cybersecurity insurance policies getting more strict about premiums, coverage levels, and risk profiles?

Today, we’re taking a look at the cybersecurity insurance environment as it stands today — how it got there, where it’s going, and how you can protect your company amidst the skyrocketing cost of insurance.

What is Cybersecurity Insurance?

With the rise in remote work, and the subsequent acceleration of ransomware attacks, more and more companies are looking to protect their data and information the same way they protect their health, life, and assets — with insurance.

Cybersecurity insurance is a rapidly growing industry, and it’s not slowing down any time soon. According to a MarketsandMarkets report, the cybersecurity insurance market is expected “to grow from $7.8 billion in 2020 to $20.4 billion by 2025”. That’s an annual growth rate of 21.2%.

Yet with this growth has come challenges. Insurance companies are now shouldering the enormous burden of ransomware payouts, which have increased 150% in frequency and 290% in average cost. In response to this, premiums are rising sharply and insurance companies are looking for new ways to reduce the risk profile of clients they take on.

That brings us to the topic of MFA attestations and cybersecurity questionnaires.

What is an MFA Attestation?

The same way you may be asked to fill out a medical assessment form when applying for health insurance, insurers are now asking companies for an assessment of a prospective customer’s cyber health as well.

MFA attestation forms, and supplemental cybersecurity questionnaires ask companies to confirm they have preemptively protected their network in a variety of ways. You may have seen one of these forms recently, like this Travellers insurance one, with yes/no questions such as:

  1. Multi-Factor authentication is required for all employees when accessing email through a website or cloud based service.
  2. Multi-Factor authentication is required for all remote access to the network provided to employees, contractors, and 3rd party service providers.
  3. In addition to remote access, multi-factor authentication is required for the following, including such access provided to 3rd party service providers:
    1. All internal & remote admin access to directory services (active directory, LDAP, etc.).
    2. All internal & remote admin access to network backup environments.
    3. All internal & remote admin access to network infrastructure (firewalls, routers, switches, etc.).
    4. All internal & remote admin access to the organization’s endpoints/servers.
  4. The signer of this form has done so with the assistance of the person in charge of IT security.

“We expect that MFA Attestations, similar to the one Travellers Insurance has started requiring, will become commonplace starting in 2022”, said CEO & Founder of Cyphercor, Diego Matute. “We’re predicting that customers who don’t have these minimum controls in place will start to see their premiums rise, their coverage shrink, and even be denied coverage outright.”

Insurance companies are also starting to implement stress tests, remote vulnerability scans, and other types of cyber risk assessments in order to ensure that their clients are meeting these increasingly stringent requirements.

Companies are left scrambling to find a strong, secure solution that will pass their insurers tests, but that’s also simple to implement, won’t over-complicate daily processes, and is affordable for any sized business.

What can companies do to meet these stringent requirements?

LoginTC is a comprehensive MFA solution that offers complete protection for your applications and services, with multiple authentication methods for your users, at an affordable price point.

If you send us the MFA Attestation form that you’ve been asked to complete by your insurer, we can help you set up MFA on your network, and secure your endpoints so that you can confidently check off ‘Yes’ to any requirements your insurance company has.

Implementing our MFA solution takes less than an hour. We can walk you through it directly, or you can try it yourself using our documentation pages or walk-through videos along with your 15 day free trial.

If you’re interested in learning more about how LoginTC can help you lower your insurance premiums, or even qualify for insurance you’ve been previously denied, reach out today at

Start your free trial today. No credit card required.

Sign up and Go