The average U.S. business experiences 42 cyberattacks each year, according to the “2022 US Cybersecurity Census Report" from Keeper. When it comes to cybercrime, it's not a matter of if, but when, your agency will be targeted.

Insurance carriers and agencies have valuable client lists. Sensitive personal information can be stolen through phishing attacks, malware, and ransomware, and sold on the dark web. Consider the examples of CNA, Chubb, Aon, Aflac and Zurich—all victims of data breaches.

As a result, regulators expect agencies to implement reasonable data security measures. The cyber insurance market also exerts pressure on players to modernize their protections if they want coverage.

For example, any agent who has sold a cyber liability policy lately knows that insurers have tightened their requirements and clients must employ a laundry list of security controls to qualify for insurance.

Multifactor authentication (MFA) is top of the list. Most cybercriminals hack into a system by stealing someone's login information. MFA creates an additional layer of security that can't be easily compromised. When logging in, the user must provide additional authentication, usually a PIN, one-time password or biometric signature.

Instituting MFA is part of building a strong cybersecurity culture. Cyberattacks succeed mostly because employees aren't trained to recognize phishing emails or to change their passwords. Employees may also compromise security by failing to update software and by using public WiFi.

MFA is frequently built into software, but too many businesses fail to implement it. What is cyber insurance carriers' increasingly popular response? “Make MFA a part of your login credentials, or we won't insure you." That's a powerful incentive to get your cybersecurity house in order.

Businesses that haven't instituted MFA are finding cyber coverage a nonstarter. MFA and strong password protection are security measures that any business—including agencies—can easily implement, and the payoff is dramatic.

According to the 2022 Travelers Risk Index, 90% of U.S. businesses said they were familiar with MFA, yet only 52% said their company had implemented the practice for remote access. And according to Arctic Wolf Labs' analysis of its internal data from 2022, business email compromise (BEC) attacks accounted for 29% of response cases, with 58% of victim organizations failing to have MFA enabled.

Would you believe in some cases it's as simple as turning MFA on? And while MFA requires a little extra effort, tools are available to reduce multiple logins to just one.

Alvito Vaz is executive director of ID Federation. ID Federation is the nonprofit insurance group that created SignOn Once, which enables one login identity to replace multiple IDs and passwords for insurance professionals. The Big “I" Agents Council for Technology helped ID Federation pave the way for SignOn Once to be built by and for the insurance industry.