📊 Our 2024 Cyber Claims Report: Mid-year Update is out now!
Cyber Incident? Get Help

Why MDR is the Next MFA for Cyber Insurance

Why MDR is the Next MFA for Cyber Insurance

As we embark upon 2024, we’re focusing on the big picture. It can be easy to overlook major milestones when you’re deep in the throes of cyber risk — and that’s exactly what’s happened with multi-factor authentication (MFA).

Slowly but surely, MFA has become the most recognizable security control in cyber insurance. At Coalition, we’ve been championing its importance for years, but this reflective time of year got us thinking …

What’s the next MFA?

We asked the experts here at Coalition which current security control has the greatest potential to become a staple in every business’s cybersecurity strategy and even a requirement to obtain cyber insurance in the not-so-distant future.

Their answer? Managed Detection and Response (MDR).

Let’s look back at what helped MFA become the “it” security control in cyber insurance, why MDR is on a similar trajectory, and how brokers can use this information to help clients improve their cyber risk.

The evolution of MFA

MFA didn’t become a household name overnight. The security control dates back to the 1990s but didn’t gain traction until the mid-2000s. As smartphones grew in popularity, especially among businesses, so did MFA. The technology became more feasible once users had their own devices capable of verifying login attempts and receiving authentication codes as a second factor to complement passwords.

Large-scale data breaches in the 2010s pushed the security solution further forward, prompting the incorporation of additional factors and verification methods, like biometrics. Smartphone technology was essential to make MFA accessible and realistic: It allowed users to supplement something they know (their password) with something they have (their device) and, finally, something they are (fingerprints or face scans).

With more digital accounts and access, businesses needed a way to secure everything — and now you can apply MFA to everything.

Cyber insurance providers have embraced MFA because it’s easy to implement and creates enough friction to deter attackers and prompt them to move on to their next target. Many cyber insurers began incentivizing, or even requiring, MFA in the early 2020s after the increase in cybercrime brought on by the pandemic. These days, you’d be hard-pressed to find a cyber insurance policy that doesn’t mention MFA.

“If a business has MDR, they really have EDR and someone watching it full-time.” — Tiago Henriques, VP of Security Research at Coalition

Why MDR is the next MFA for cyber insurance

Acronyms aside, MDR has an interesting parallel to MFA. Cyber insurance providers are increasingly encouraging businesses to implement MDR — if not incentivizing or even demanding they do so — just as they did with MFA.

MDR leverages the alerting and detection capabilities of endpoint detection and response (EDR) with human threat hunters who can respond to alerts in real-time. EDR tools are valuable for detecting suspicious activities, but they’re an imperfect solution if there’s no human expertise in place to take necessary action.

“If a business has MDR, they really have EDR and someone watching it full-time,” said Tiago Henriques, VP of Security Research at Coalition. “If you look at some of the recent large-scale cyber events, like MOVEit or Citrix Bleed, many of the businesses that got hit would’ve been able to catch it and contain it if they had dedicated people or MDR in place.”

Using artificial intelligence and machine learning to spot anomalous and known malicious activity, MDR can help businesses catch threat actors mid-attack. However, what makes the security control truly differentiated is the team performing the response. When MDR detects suspicious activity, human experts can intervene in numerous ways, such as cutting the connection of a remote session, isolating impacted machines, or revoking privileges for compromised attacks.

“Most small businesses don’t have the resources to run a security operations center,” said John Roberts, General Manager, Security at Coalition. “Time, effort, technology costs — MDR is a more cost-effective way for businesses to add expertise and improve their security posture without adding headcount.”

MDR is more than just another tool: It can help businesses keep pace with new vulnerabilities without burdening existing teams or necessitating additional headcount.

“MDR is a more cost-effective way for businesses to add expertise and improve their security posture without adding headcount.” — John Roberts, General Manager, Security at Coalition.

Vulnerabilities at an all-time high

The “hot zero-day summer” may have passed, but the influx of critical vulnerabilities is likely the new normal.

Common vulnerabilities and exposures (CVEs) have steadily increased every year for nearly a decade, with more than 26,000 disclosed in 2023. What’s more, CVEs are among the most popular threat vectors for ransomware attacks, which reached a record-high of $365,000 per claim last year.

“Typically, we see misconfigurations lead to cyber attacks,” said Henriques. “But last year, vulnerabilities were heavily exploited to deploy ransomware.”

Managing and addressing a never-ending list of vulnerabilities can put pressure on security teams, especially those who are under-resourced. As a behavior-based service, MDR provides businesses with a way to not only identify potentially malicious activity but also determine the point of compromise.

“Without a dedicated team, a business using EDR is sacrificing many of its risk-reducing benefits. That’s what makes MDR so important.” — Chris Hendricks, Head of Coalition Incident Response

Overwhelmed by alert fatigue

With new vulnerabilities emerging at a rapid rate, businesses can feel like they’re being buried beneath an avalanche of security alerts. The overwhelming volume and repetitive nature of these alerts can cause alert fatigue.

“The danger of alert fatigue is that it can cause security professionals to lose the ability to distinguish between alerts that represent actual issues and everything else,” said Chris Hendricks, Head of Coalition Incident Response. “If you’ve ever felt swamped by a full inbox of unread emails, you know the feeling. Unfortunately, many security tools create a lot of noise and false positives.”

The growing number of vulnerabilities isn’t the only contributing factor to alert fatigue, either. As security tools grow in number and sophistication, they’ll get better at detecting new vulnerabilities and other types of anomalies — all of which amount to an even higher volume of alerts and an even greater need for human intervention. MDR can also bring together alerts from other tools and data sources, providing a more complete picture than any one tool alone.

“EDR is a powerful and important investment, but the value of security technology and alerts are diminished if nobody is actively addressing them,” said Hendricks. “Without a dedicated team, a business using EDR is sacrificing many of its risk-reducing benefits. That’s what makes MDR so important.”

Cyber insurance providers are increasingly encouraging businesses to implement MDR — if not incentivizing or even demanding they do so — just as they did with MFA.

MDR provides powerful risk prevention and response

Most businesses simply cannot afford 24/7 security. Threat actors know this and use it to their advantage.

The good news is that cyber insurance providers know it, too, which is why we continue to invest in security solutions that can help address cybersecurity pain points and improve insurability. Coalition Managed Detection & Response* gives businesses the technology and expertise to help respond and recover faster, minimize impact, and prevent future attacks.

As the cyber risk landscape evolves, businesses need help to better identify emerging vulnerabilities and enable predictable threat detection and response. Coalition MDR gives businesses a scalable, cost-effective way to proactively monitor and mitigate cyber risk.

This article originally appeared in the January 2024 edition of the Cyber Savvy Broker Newsletter. Subscribe to the newsletter to receive future editions directly in your inbox as we explore the most up-to-date and noteworthy topics in cyber insurance.


*Incident response services and Coalition Security Services MDR services are provided by Coalition Incident Response, an affiliate of Coalition, Inc. Incident response services are offered to policyholders as an option via our incident response firm panel.

This communication is not a proposal of insurance. This communication is designed to provide general information on the topic presented and is not intended to construe or the rendering of legal or other professional services of any kind. If legal or other professional advice is required, the services of a professional should be sought. The views and opinions expressed as part of this communication do not necessarily state or reflect those of Coalition. Neither Coalition nor any of its employees make any warranty of any kind, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. Any action you take upon the information contained herein is strictly at your own risk. Coalition will not be liable for any losses and damages in connection with your use or reliance upon the information. Copyright © 2024. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc.