According to Authy, you need to disable the multi-device feature one you have installed authy in your device/s, to prevent more devices from being added (i.e. a swim-swapped device). If however your associated email is also compromised, then there is a window of vulnerability past 24 hours of attempting to recover the account through email.

see: https://support.authy.com/hc/en-us/articles/360012427914-Is-the-Authy-App-Susceptible-to-a-SIM-Swap-