Skip to content

MFA Now A Cyber-Insurance Requirement By Most Agencies To Qualify For Coverage

Compliance Plus

While MFA has long been a recommendation by agencies for cyber insurance, many organizations are finding out – either by trying to purchase new policies or renewing existing ones – MFA is now required for coverage.  Many contact centers and their customers are finding this out the hard way. 

BPOs are constantly required to navigate an ever-changing landscape of compliance requirements. We often talk about the complexities of meeting and maintaining PCI DSS compliance, but BPOs are being held to far more than just PCI standards now.

When large organizations that hire BPOs have new security requirements mandated by their insurers, the BPOs are now expected to match them. An inability to meet those insurance requirements can seriously hurt their bottom line. 

MFA On Every Endpoint

Cyber liability insurance, also commonly referred to as just cyber insurance, covers an organization's liability in the event of a data breach or other cyber incident. Cybersecurity insurance is intended to cover the fallout from a data breach, hack, or cyber-attack. Most policies include coverage for costs associated with forensic investigations, cybersecurity consultants, losses due to theft of funds, ransomware payments, costs associated with reputational damages, and the subsequent legal fees which follow a breach.

Because BPOs have access to their customers’ networks, they are being held to the same standards as their customers: they are required to have multi-factor authentication on every endpoint for cybersecurity insurance. This can present significant hurdles for BPO contact centers that do not have a pre-existing MFA solution in place, which can  result in loss of business and damage to their reputation. 

An unfortunate consequence of these new requirements is BPOs losing prospective clients because they are unable to afford the level of liability insurance required to close larger deals. These policies often exceed tens of millions of dollars. To sign that kind of deal, organizations need to be confident in their security posture.

Meeting Insurance Standards

What requirements need to be met to qualify for cybersecurity insurance? Besides the critical requirement to implement MFA across the organization, below is a checklist of additional measures organizations should take to ensure requirements for cyber security coverage are met.  Meeting these standards may also allow organizations to see a reduction in premium costs. According to most cyber insurance requirements, organizations should:

  • Raise cybersecurity awareness through continuing re-education and regular training
  • Effectively manage third parties and suppliers through regular security audits
  • Encrypt your data everywhere
  • Keep all your software and firmware updated
  • Develop, test, and document your incident response plan
  • Undergo regular penetration testing


Optimizing Contact Centers 

Twosense Passive MFA checks the box for multi-factor authentication on every endpoint and automates the agent out of the process, drastically increasing agents efficiency. If your organization may be on the hook for liability insurance, it's better to go above and beyond something that checks that MFA box. 

Twosense Continuous MFA provides all the same benefits provided by Passive MFA, but continuous monitoring provides extra security and enables BPOs to stop breaches within a minute!

Both Twosense products are designed specifically for BPOs. Phishing-resistant behavioral biometric MFA helps organizations not only achieve PCI DSS compliance but qualifies for cybersecurity insurance coverage and may even make your organization eligible for a policy discount. Deployment is as simple as installing the Windows agent and optional Browser Extension. There is no enrollment or additional training necessary, enabling IT teams to easily deploy always-on phishing-resistant MFA on every endpoint for every user.

To learn more about these products or to schedule your custom demo, click here.

More from the Blog

December 18, 2023

Automate BPO Identity Security with Twosense Behavioral MFA

In the rapidly evolving landscape of cybersecurity, the need for robust authentication measures is paramount. As BPOs &...
October 11, 2019

Microsoft says MFA is secure, the FBI says it isn't. They're saying the same thing.

October is turning out to be an interesting month in multi-factor authentication (MFA). Microsoft published the results...
April 18, 2022

Prompt Bombing MFA

As multi-factor authentication continues to be prioritized for security, evolving ways of bypassing MFA are born....

Sign Up for our Blog

We will never share your email address with third parties.