
Cyber Insurance 2026: MFA and Training Requirements
In 2026, no MFA can mean no coverage, and underwriters now want documented awareness training and phishing simulations too. Here is what insurers look for and how to evidence it.
Security awareness tips, industry news, and product updates.

In 2026, no MFA can mean no coverage, and underwriters now want documented awareness training and phishing simulations too. Here is what insurers look for and how to evidence it.

DORA is best known for ICT risk and incident reporting, but it also makes security awareness training a compulsory module for staff and management. Here is what financial entities must do, and how to evidence it.

empowsec lets you organize employees into departments, give managers scoped visibility into their team's training and phishing results, and deliver weekly compliance digests so nothing slips through the cracks.

ISO/IEC 27001:2022 expects more than a once-a-year slideshow. Here is what the standard actually requires for security awareness, and how to prove it to your auditor.

PCI DSS v4.0 raised the bar for security awareness, naming phishing and social engineering explicitly. Here is what the standard now requires if you handle card data.

The EU AI Act is no longer theoretical. From the AI-literacy duty to deepfake transparency rules, here is what security and awareness teams need to act on now.

Ransomware is hitting healthcare harder than ever in 2026, and the stakes are measured in patient safety. Here are the trends, HIPAA duties, and human-layer defenses that matter.

empowsec reporting dashboards consolidate training completion, phishing simulation results, and risk scores into a single view - filterable by user, department, or company - with the same data available via API for your existing BI tools.

empowsec issues verifiable completion certificates every time a learner finishes an assignment or course, giving compliance teams clean, downloadable PDF evidence they can present to auditors without any extra effort.

One compromised chatbot integration exposed 700+ organizations through stolen OAuth tokens. The Salesloft Drift attack shows why third-party access is now your biggest blind spot.

98% of organizations report unsanctioned AI use, and most have no policy to manage it. Shadow AI has become a top insider data-loss risk — and it's a security awareness problem.

A real breach is the worst time to discover that no one knows who decides whether to pay a ransom. Tabletop exercises expose those gaps in a conference room instead of a crisis.