Many businesses think they’ve “solved MFA.” It’s rolled out across core apps, enforced at the IdP, and backed by policy. But public breaches tell a different story.

Our research shows 2 in 5 corporate accounts are missing a second authentication factor. That leaves business apps exposed to weak or stolen passwords — easy prey for attackers, and enough to open the door to data theft, ransomware, and extortion.

This whitepaper outlines how MFA enforcement is shaping compliance, insurance, and cyber resilience, and how leaders can close the gap.