Aflac’s shift to passkeys brings big business benefits

At supplemental insurance coverage supplier Aflac, safeguarding info collected on behalf of workers and the shoppers and companies they serve is a key tenet of the corporate’s tradition, says Tim Callahan, world CISO.

“Cybercriminals are revolutionary, keen to take dangers, and haven’t any regard for laws,” Callahan says. “Criminals see the provider channels as a softer goal, which have skilled a rise of assaults. Now we have a strong third-party safety program, however we are able to’t management [its] setting.”

As well as, given the state of geopolitics, firms might develop into a corollary or ancillary goal, Callahan says.

“Whereas Aflac could not register as an organization that nation states would straight goal, we are able to nonetheless undergo the implications of widespread assaults,” he says. “Equally, provider channels are being impacted by software program provide chain points, which might even have a collateral impact on our firm.”

‘Quackcess Granted’: Ditching the password for passkeys

To harden its defenses and safeguard very important information, Aflac launched a multi-year path of maturation for its cybersecurity program, Callahan says, including that partnerships have been key to the technique.

“Now we have strengthened our strategic relationships with suppliers like Zscaler and CrowdStrike, enabling us to construct a deeper connection in our relationship,” he says. “Now we have additionally created partnerships with firms like WWT that may serve our world wants in each the US and Japan.”

One of the distinguished efforts has been “Quackcess Granted,” an ongoing growth of Aflac’s Client Identification and Entry Administration (CIAM) framework.

Initially, CIAM created a single, easy, safe authentication framework for purchasers, Callahan says. Aflac partnered with Transmit Safety, a supplier of identification and entry administration options, to deploy superior authentication choices. In that manner it is ready to tackle the core problem of shoppers partaking with Aflac primarily round life occasions.

“When clients attain out to Aflac for assist in their time of want, they don’t at all times keep in mind their credentials and have a tendency to get diverted into fixing a password downside,” Callahan says.

In response, Aflac supplied an answer, known as Passkey, which gives clients with an ordinary passwordless login expertise on their units, utilizing a safe functionality based mostly on open requirements. Passwords are nonetheless in place for customers who should not prepared to maneuver to passkey, or as an alternate path if wanted.

“Aflac is likely one of the first main insurance coverage firms to deliver this functionality to market,” Callahan says. “Passkey is being adopted by main firms comparable to Amazon, PayPal, House Depot,” and others.

Passkeys purportedly provide the means for a safer, user-friendly authentication course of, being sturdy, phishing-resistant, and device-bound, in addition to eliminating the necessity for passwords.

Since launching in a restricted launch in November 2023, and a full launch in Might 2024, Aflac has seen tangible enterprise outcomes. For instance, Passkey’s adoption fee has surpassed preliminary targets, at 32% in contrast with an estimate 10%. So far, about 26,500 Aflac policyholders have opted to enroll in Passkey, highlighting the worth and attraction of the know-how to Aflac clients, the corporate notes.

For its work on Passkey, Aflac has earned a 2024 CSO Award, honoring safety tasks that display excellent thought management and enterprise worth.

With Passkey, Aflac has seen a notable discount in assist calls associated to password resets and login points — one of many major goals of the mission. This not solely alleviates pressure on buyer assist assets, but in addition signifies improved person proficiency and satisfaction, as there have been no experiences of shoppers requiring technical help with Passkey.

There’s additionally been an enchancment in login success charges for Aflac policyholders. By eliminating passwords, Passkey has streamlined the login course of, decreasing login failures brought on by forgotten passwords. Because of Passkey, Aflac has seen an 11% discount in errors at login.

Moreover, Passkey has contributed to elevated operational effectivity inside Aflac’s digital ecosystem. With fewer assist calls and login errors, buyer assist groups can concentrate on higher-value actions, enhancing total productiveness and effectivity throughout the group.

Passkey’s implementation has additionally helped bolster cybersecurity at Aflac, mitigating the dangers of information breaches, password-related vulnerabilities, and unauthorized entry.

“Aflac will proceed to drive adoption [of Passkey] by way of focused buyer communications and deeper integration based mostly on information analytics,” Callahan says. “We additionally anticipate excessive buyer adoption as the answer turns into extra ubiquitous within the business.”

Quackcess Granted and Passkey have obtained widespread assist, as Aflac strives to make authorization and authentication safer and simpler for purchasers.

“There are solely so some ways to enhance the password expertise or make conventional multifactor authentication higher for our clients,” says Virgil Pool, senior client authentication lead for Aflac International Safety. “We’ve taken a extra vital step ahead by partnering with Transmit Safety to ship Passkey. Because of this, we’re reaching our aim of creating it simpler for our clients to get assist in their time of want.”

Cybersecurity tradition pays off

As a part of its safety technique, Aflac prioritizes its relationships with know-how and enterprise companions and has been “very intentional” about

explaining the necessity for safety to companions, workers, and clients.

“Our workers and companions are cyber-mindful and have been supportive of our goals, on account of our laser-focus method in speaking not solely the technical change, however the motive behind the change,” Callahan says.

The corporate has a big and sophisticated know-how footprint, and is vigilant

about its deployment of IT and safety instruments, working to make sure there’s loads of time for testing and implementing in smaller, incremental steps, he says.

“As an example, once we applied zero belief, we began small; [we] tackled a custom-made method, one division at a time, constructing by constructing,” Callahan says. “As we applied, we reviewed any changes earlier than we went additional. This technique has helped us keep away from errors and pitfalls that would impression our enterprise.”

The growing pace and class of threats requires larger ranges of safety resiliency to keep up the corporate’s enterprise danger tolerance, Callahan says. Aflac stays dedicated to “pushing the boundaries of cybersecurity,” he says. It does this by putting nice significance on info safety to guard in opposition to threats each exterior and inner.

“Our method is deeply rooted in our tradition,” Callahan says. “From the boardroom to the break room, we’ve a longstanding dedication of doing issues the correct manner.”

The important thing to acquiring enterprise buy-in for any cybersecurity initiatives is to incorporate enterprise companions and leaders within the decision-making course of, Callahan says. “They, in flip, will perceive the necessity and be capable of present suggestions and assist on the way to go about it.”

Aflac consists of senior enterprise companions in its governance committee, known as the Safety Oversight Committee. By this discussion board, executives can inform the safety group concerning the enterprise impression of insurance policies, requirements, and choices. “We stay in a world of no surprises, as a result of they’re included within the course of,” Callahan says.

“Aflac’s aim is to enhance safety posture and scale back impression of a cyberattack, whereas offering a seamless person expertise,” Callahan says. “The success of Passkey has confirmed to be a greater person expertise whereas offering higher safety.”