At supplemental insurance coverage supplier Aflac, safeguarding data collected on behalf of workers and the shoppers and companies they serve is a key tenet of the corporate’s tradition, says Tim Callahan, international CISO.
“Cybercriminals are revolutionary, prepared to take dangers, and don’t have any regard for laws,” Callahan says. “Criminals see the provider channels as a softer goal, which have skilled a rise of assaults. We’ve a sturdy third-party security program, however we are able to’t management [its] setting.”
As well as, given the state of geopolitics, firms might change into a corollary or ancillary goal, Callahan says.
“Whereas Aflac might not register as an organization that nation states would immediately goal, we are able to nonetheless endure the results of widespread assaults,” he says. “Equally, provider channels are being impacted by software program provide chain points, which might even have a collateral impact on our firm.”
‘Quackcess Granted’: Ditching the password for passkeys
To harden its defenses and safeguard very important information, Aflac launched a multi-year path of maturation for its cybersecurity program, Callahan says, including that partnerships have been key to the technique.
“We’ve strengthened our strategic relationships with suppliers like Zscaler and CrowdStrike, enabling us to construct a deeper connection in our relationship,” he says. “We’ve additionally created partnerships with firms like WWT that may serve our international wants in each the US and Japan.”
Probably the most distinguished efforts has been “Quackcess Granted,” an ongoing improvement of Aflac’s Shopper Identification and Entry Administration (CIAM) framework.
Initially, CIAM created a single, easy, safe authentication framework for purchasers, Callahan says. Aflac partnered with Transmit Safety, a supplier of identification and entry administration options, to deploy superior authentication choices. In that method it is ready to deal with the core problem of consumers participating with Aflac primarily round life occasions.
“When clients attain out to Aflac for assist in their time of want, they don’t all the time keep in mind their credentials and have a tendency to get diverted into fixing a password drawback,” Callahan says.
In response, Aflac offered an answer, referred to as Passkey, which supplies clients with a typical passwordless login expertise on their gadgets, utilizing a safe functionality based mostly on open requirements. Passwords are nonetheless in place for customers who should not prepared to maneuver to passkey, or as an alternate path if wanted.
“Aflac is among the first main insurance coverage firms to carry this functionality to market,” Callahan says. “Passkey is being adopted by main firms akin to Amazon, PayPal, House Depot,” and others.
Passkeys purportedly provide the means for a safer, user-friendly authentication course of, being sturdy, phishing-resistant, and device-bound, in addition to eliminating the necessity for passwords.
Since launching in a restricted launch in November 2023, and a full launch in Might 2024, Aflac has seen tangible enterprise outcomes. For instance, Passkey’s adoption fee has surpassed preliminary targets, at 32% in contrast with an estimate 10%. Up to now, about 26,500 Aflac policyholders have opted to enroll in Passkey, highlighting the worth and attraction of the expertise to Aflac clients, the corporate notes.
For its work on Passkey, Aflac has earned a 2024 CSO Award, honoring security initiatives that exhibit excellent thought management and enterprise worth.
With Passkey, Aflac has seen a notable discount in assist calls associated to password resets and login points — one of many main aims of the challenge. This not solely alleviates pressure on buyer assist sources, but in addition signifies improved person proficiency and satisfaction, as there have been no stories of consumers requiring technical help with Passkey.
There’s additionally been an enchancment in login success charges for Aflac policyholders. By eliminating passwords, Passkey has streamlined the login course of, lowering login failures brought on by forgotten passwords. On account of Passkey, Aflac has seen an 11% discount in errors at login.
Moreover, Passkey has contributed to elevated operational effectivity inside Aflac’s digital ecosystem. With fewer assist calls and login errors, buyer assist groups can deal with higher-value actions, bettering general productiveness and effectivity throughout the group.
Passkey’s implementation has additionally helped bolster cybersecurity at Aflac, mitigating the dangers of data breaches, password-related vulnerabilities, and unauthorized entry.
“Aflac will proceed to drive adoption [of Passkey] by focused buyer communications and deeper integration based mostly on information analytics,” Callahan says. “We additionally anticipate excessive buyer adoption as the answer turns into extra ubiquitous within the business.”
Quackcess Granted and Passkey have obtained widespread assist, as Aflac strives to make authorization and authentication safer and simpler for purchasers.
“There are solely so some ways to enhance the password expertise or make conventional multifactor authentication higher for our clients,” says Virgil Pool, senior client authentication lead for Aflac International Safety. “We’ve taken a extra important step ahead by partnering with Transmit Safety to ship Passkey. Consequently, we’re reaching our aim of constructing it simpler for our clients to get assist in their time of want.”
Cybersecurity tradition pays off
As a part of its security technique, Aflac prioritizes its relationships with expertise and enterprise companions and has been “very intentional” about
explaining the necessity for security to companions, workers, and clients.
“Our workers and companions are cyber-mindful and have been supportive of our aims, as a result of our laser-focus strategy in speaking not solely the technical change, however the purpose behind the change,” Callahan says.
The corporate has a big and sophisticated expertise footprint, and is vigilant
about its deployment of IT and security instruments, working to make sure there may be loads of time for testing and implementing in smaller, incremental steps, he says.
“As an example, after we carried out zero belief, we began small; [we] tackled a personalized strategy, one division at a time, constructing by constructing,” Callahan says. “As we carried out, we reviewed any changes earlier than we went additional. This system has helped us keep away from errors and pitfalls that would affect our enterprise.”
The rising velocity and class of threats requires greater ranges of security resiliency to keep up the corporate’s enterprise danger tolerance, Callahan says. Aflac stays dedicated to “pushing the boundaries of cybersecurity,” he says. It does this by putting nice significance on data security to guard in opposition to threats each exterior and inside.
“Our strategy is deeply rooted in our tradition,” Callahan says. “From the boardroom to the break room, we have now a longstanding dedication of doing issues the best method.”
The important thing to acquiring enterprise buy-in for any cybersecurity initiatives is to incorporate enterprise companions and leaders within the decision-making course of, Callahan says. “They, in flip, will perceive the necessity and be capable to present suggestions and assist on how you can go about it.”
Aflac consists of senior enterprise companions in its governance committee, referred to as the Safety Oversight Committee. Via this discussion board, executives can inform the security staff in regards to the enterprise affect of insurance policies, requirements, and choices. “We stay in a world of no surprises, as a result of they’re included within the course of,” Callahan says.
“Aflac’s aim is to enhance security posture and cut back affect of a cyberattack, whereas offering a seamless person expertise,” Callahan says. “The success of Passkey has confirmed to be a greater person expertise whereas offering higher security.”
