Insurers are being urged to ditch legacy authentication methods such as passwords and SMS two-factor authentication that can be intercepted, phished or stolen. 

IT security group Yubico’s Asia-Pacific and Japan VP Geoff Schomburgk recommends the introduction of hardware keys instead.

The keys use cryptography to limit system access, addressing the “weak point of human susceptibility to deception”.  

Unique cryptographic key pairs make it near-impossible for attackers to replicate the authentication process, even if a user’s credentials or devices are stolen, Mr Schomburgk says.

The keys also require a physical touch or biometric check such as a fingerprint, significantly reducing the risk of remote or automated attacks.

Yubico says phishing accounts for about one-third of reported cyber events, and human error contributes to nearly 30% of data breaches.  

This “highlights the severity of the insider risk situation”, Mr Schomburgk says.

“The intersection of human error and increasingly advanced cyber tactics emphasises the fundamental importance of strong identity verification in effective cyber resilience, and especially within the insurance sector.”

He says regulators are pressuring insurers to strengthen identity assurance processes and prove that policyholders, brokers and claimants are who they claim to be.

“Adopting advanced identity verification methods is not only about compliance and risk reduction; it also reinforces an institution’s reputation for trustworthiness and credibility – brand trust that directly translates to better client retention.”