MFA Isn’t Optional Anymore: Why Multi-Factor Authentication Is Essential for Cyber Insurance

By Cowan Insurance Group

Cyber threats are increasing in both frequency and sophistication, so relying solely on passwords is no longer enough to secure digital accounts that hold sensitive data. This is why multi-factor authentication (MFA) has quickly become a critical security measure: it adds protection beyond the password.

Here is what you need to know about multi-factor authentication, including how it works, its benefits, and why it’s a growing requirement in cyber insurance policies.

What is multi-factor authentication?

Multi-factor authentication adds a second layer of identity verification when logging into an account. After entering their username and password, users must provide an additional credential, such as a verification code.

Here are the details on the two most common MFA methods:

  • Authenticator apps: Generate a new verification code every 60 seconds.
  • SMS: A verification code is sent to the user’s mobile device.

MFA makes it more challenging for potential attackers to gain access to the protected account, making the account more resistant to common attacks, particularly phishing.


The cost of not using MFA

Without MFA, sensitive accounts are left vulnerable to multiple security threats, which can result in prolonged system downtime, reputational damage, and significant financial loss for organizations. Here’s a recent example of what this can look like:

In February 2024, the City of Hamilton experienced a ransomware attack on their systems that disrupted many municipal services, such as Ontario Works and tax services, for several weeks.[1]

Unfortunately, many of their departments lacked multi-factor authentication. This contributed to the denial of the City of Hamilton’s $5 million insurance claim. As of July 2025, reports indicate the City has spent $18.4 million to rebuild its systems and will continue to pay approximately $400,000 monthly until November 2026.[2]

MFA and cyber insurance

Multi-factor authentication is now a standard requirement in many cyber insurance policies. Therefore, without MFA, coverage may be denied, even if a cyber insurance policy is in place. As such, it’s vital for individuals and organizations to have cyber insurance and understand all their policy requirements to ensure appropriate coverage.

Although the City of Hamilton had a cyber insurance policy in place, the insurer identified the lack of MFA in municipal departments as a root cause of the data breach stemming from the ransomware attack. As a result of this finding, the insurer excluded coverage for related financial losses.[2]

The City of Hamilton case reflects a broader shift in the industry. Multi-factor authentication used to be considered an optional safeguard for securing your digital accounts, and as such, it wasn’t always a key component of cyber liability insurance policies. Over the years, however, MFA has become more commonplace and the technology backing it has advanced. Thus, insurers now consider MFA essential for cyber risk management and include it as a requirement for cyber insurance policies.

Best practices for implementing MFA

Implementing multi-factor authentication is a smart decision for any individual or organization. However, there is some strategy involved. First, it’s vital to evaluate and choose the right MFA method for your needs. The following are some of the common MFA methods:

  • SMS-based
  • Authenticator app
  • Hardware token
  • Email codes

SMS-based MFA is incredibly common, though many believe authenticator apps offer more robust security. When selecting the most appropriate MFA method to secure sensitive accounts, there are also other factors to consider, such as account types, user roles, risk levels, and device access.

Implementing a carefully selected MFA method is only the first step. Organizations should also do the following:

  • Educate users on MFA usage and benefits
  • Review and update MFA regularly to stay ahead of new and emerging threats

Following these best practices boosts MFA adoption rates, smooths the transition period, and ultimately maximizes account protection.

Moving forward with multi-factor authentication

Multi-factor authentication is an effective method of strengthening your online security. The City of Hamilton’s experience highlights how MFA can play a key role not just in preventing breaches, but also in meeting insurance provider expectations.

At Cowan Insurance Group, we help clients build cyber insurance policies tailored to their risk profile and ensure compliance with MFA and other policy requirements. Speak with one of our experts today to get started.

Sources

  1. CBC News. (March 15, 2024). Hamilton refuses to pay hackers ‘huge’ ransom in wake of cyberattack. Retrieved from URL
  2. CBC News. (July 31, 2025). Insurance won't cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security. Retrieved from URL
 
