[paywall]
“Around 18 months ago, underwriters asked companies whether they required multifactor authentication when administrators accessed their system, said Tom Reagan, cyber practice leader in Marsh McLennan’s financial and professional products specialty practice. Today there’s an expectation that multifactor authentication is used throughout the organization, not just by administrators, he said.
Insurers also expect organizations to have planned and tested for a cyber event, such as through tabletop exercises, Mr. Reagan said: ‘They are not just interested in your smoke alarms, they want to hear about the fire drills.'”
Source: Buying Cyber Insurance Gets Trickier as Attacks Proliferate, Costs Rise