Cyber Incident? Get Help

Coalition Announces New Incentive for Businesses Implementing Multi-Factor Authentication (MFA)

Data shows that MFA is 99.9% effective in preventing an account takeover, yet only 28% of people use it

SAN FRANCISCO, CA – (September 10, 2019) — Coalition, the leading cyber insurance company for small and midsize businesses, today announced a new incentive program to reward policyholders who implement Multi-Factor Authentication (MFA, also commonly known as 2FA) on their business email accounts. Recent reporting shows that enabling MFA can block up to 99.9% of automated cyber attacks, and Coalition is the first cyber insurance provider to further incentivize this essential security practice. With this new offering, if a Coalition policyholder has MFA or 2FA enabled and required on business email—and a funds transfer fraud, security failure, or data breach incident occurs due to a business email compromise—they are eligible for a 50% reduction in the largest applicable deductible, up to $10,000.

Approximately 36% of claims reported by Coalition policyholders occurred due to a business email compromise, ultimately resulting in a range of losses from ransomware, social engineering, and funds transfer fraud to regulatory penalties, data restoration costs, among others. Each incident resulted in an average loss of more than $160,000, a significant figure for any small or midsize business. Each of these losses could have been avoided altogether or substantially minimized if the policyholder had MFA in place. However, a 2017 Duo study found that only 28% of people protect their accounts with MFA. 

“Many companies place the entire fate of their security on a username and password, but the reality is that most passwords can easily be compromised,” said Joshua Motta, Founder and CEO at Coalition. “That most companies are one compromised password away from what could be a company-ending loss is frightening. And yet the risk can be substantially diminished at no cost by implementing MFA. Incentivizing our policyholders to adopt essential security practices such as MFA is part of our mission to solve cyber risk, and means that we can offer better insurance pricing as a result.” 

Multi-Factor Authentication is a security measure that adds a layer of protection to systems by requiring an additional factor of authentication beyond a username and password. Using MFA, users must also provide a digital token or code that is provided by a secondary device in the user’s possession to gain access to their account. Having these two (or more) levels of authentication in place makes it nearly impossible for a hacker to compromise an account even if they’ve stolen or compromised a user’s username and password. In most cases MFA is free and easy to enable, and can be easily configured in popular productivity software such as Google Suite and Office 365. 

Recent data from Verizon’s 2019 Data Breach Investigations Report found that stolen login credentials are the leading cause of data breaches and that 60% of email breaches resulted from hackers using stolen credentials to access a web-based email system. MFA is an easy and economical means to prevent account takeovers, including blunting the effectiveness of credential stuffing, where an attacker tries usernames and passwords found elsewhere. With MFA in place, even accurate usernames and passwords are not enough on their own to compromise the system.

This offering is now available on all Coalition Surplus Lines policies. For more information, visit

About Coalition

Coalition, the fastest-growing provider of cyber insurance in the United States, combines comprehensive insurance and cybersecurity tools to help businesses manage and mitigate cyber risk. Backed by A+/A rated insurers Swiss Re Corporate Solutions, Lloyd’s of London, and Argo Group, Coalition provides companies with up to $15 million of cyber and technology insurance coverage in all 50 states and the District of Columbia. Coalition’s cyber risk management platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses remain resilient in the face of cyber attacks. Coalition is headquartered in San Francisco.