
Cyber Insurance 2026: MFA and Training Requirements
In 2026, no MFA can mean no coverage, and underwriters now want documented awareness training and phishing simulations too. Here is what insurers look for and how to evidence it.
Security awareness tips, industry news, and product updates.

In 2026, no MFA can mean no coverage, and underwriters now want documented awareness training and phishing simulations too. Here is what insurers look for and how to evidence it.

DORA is best known for ICT risk and incident reporting, but it also makes security awareness training a compulsory module for staff and management. Here is what financial entities must do, and how to evidence it.

empowsec lets you organize employees into departments, give managers scoped visibility into their team's training and phishing results, and deliver weekly compliance digests so nothing slips through the cracks.

ISO/IEC 27001:2022 expects more than a once-a-year slideshow. Here is what the standard actually requires for security awareness, and how to prove it to your auditor.

PCI DSS v4.0 raised the bar for security awareness, naming phishing and social engineering explicitly. Here is what the standard now requires if you handle card data.

The EU AI Act is no longer theoretical. From the AI-literacy duty to deepfake transparency rules, here is what security and awareness teams need to act on now.

empowsec reporting dashboards consolidate training completion, phishing simulation results, and risk scores into a single view - filterable by user, department, or company - with the same data available via API for your existing BI tools.

empowsec issues verifiable completion certificates every time a learner finishes an assignment or course, giving compliance teams clean, downloadable PDF evidence they can present to auditors without any extra effort.

empowsec lets you bundle modules into courses, assign them to users or departments with due dates, automate reminders and manager escalations, and set up annual renewals - so compliance training runs itself rather than requiring manual follow-up.

empowsec delivers training in each employee's own language: modules, courses, interactive lessons, and phishing templates all support per-language translations, with bulk import tooling and hreflang SEO for public pages.

The NIS2 Directive requires organizations to implement cybersecurity awareness training. Here's exactly what the regulation demands, who it applies to, and how to build a compliant program.