Matthew Duckworth, Director of IT Risk and Security, Asia Operations at MetLife Insurance, shares in a Security Edge interview how the insurer is consolidating tools, boosting resilience, and adopting AI responsibly.

In this interview, Matthew Duckworth discusses the organisation’s cyber security evolution since 2021.

He outlines a multi-year strategy underpinned by global investment and a focus on maturing cyber resilience.

Over the past three years, MetLife has consolidated tools and strengthened defences, and is now targeting a cyber maturity level beyond Level 4.

Its current strategy centres on real-time threat detection, implementing zero trust principles, and exploring AI use cases with care and clarity.

Matt notes that perfection in cyber security is unrealistic, but using existing tools more proactively and effectively is now the key objective.

One major challenge he highlights is the complexity introduced by legacy systems and the proliferation of point-to-point solutions.

Despite strong resourcing, the organisation still faces visibility gaps due to siloed data and dispersed tools.

A core initiative is consolidating the security stack to achieve a unified view—a “single pane of glass”—that improves monitoring, oversight and patching efficiency.

A growing concern is access control and data classification, especially as AI tools like Microsoft Copilot are rolled out. Matt stresses the role of e-discovery and classification protocols in preventing unauthorised access to sensitive files, particularly financial data, across platforms like OneDrive and SharePoint.

On the AI front, MetLife is adopting Microsoft AI capabilities internally to boost productivity: automating approvals, summarising meetings, and supporting help desk operations.

While customer-facing AI is still in early stages, Matt sees strong potential in use cases like real-time sentiment detection in call centres.

He emphasises that trust, transparency, and human oversight are essential, especially in high-impact decision-making processes such as claims assessments.

On third-party and SaaS risk, MetLife mandates annual assessments for all vendors, including penetration testing and strategic reviews.

These are bolstered by continuous monitoring using tools such as BitSight and SecurityScorecard, with any drop below internal thresholds prompting further investigation.

 

Key takeaways:

  • Strategic cyber maturity: Since 2021, MetLife has significantly advanced its cyber security maturity, aiming beyond Level 4 by adopting real-time detection, zero trust, and AI integration.
  • Visibility through consolidation: The organisation is unifying its security stack to reduce complexity and improve oversight—particularly around access control and data classification on platforms like SharePoint and OneDrive.
  • Measured AI adoption with vendor scrutiny: Internal AI use is expanding (e.g. Copilot, help desk automation), while customer-facing AI remains cautious. Third-party and SaaS risks are tightly managed via annual assessments and continuous risk monitoring.

Contributors

Matthew Duckworth, Director IT Risk and Security, Asia Operations at MetLife Insurance

infrastructures. With a strong background in IT security, Matt has built a reputation for his deep understanding of threat mitigation and data protection. His career is marked by a series of successful projects that have enhanced organizational security and resilience against cyber threats.

Matt’s dedication to cybersecurity extends beyond his professional work; he is an advocate for best practices in online safety and regularly contributes to industry discussions. His passion for the field is evident in his ongoing commitment to staying ahead of emerging threats and technologies.

In addition to his professional achievements, Matt enjoys exploring the latest tech innovations and sharing his knowledge with others. His contributions to the cybersecurity community make him a valued asset in the ongoing effort to protect digital environments.

Gabby Fredkin, Head of Analytics & Insights at ADAPT

As the Head of Analytics and Insights at ADAPT, Gabby Fredkin’s primary role is managing analysis to produce ADAPT’s actionable insights to identify trends supporting organisations in Australia.

With a passion for creating stories with data, Gabby is consistently rated as one of the top speakers at ADAPT’s events. In roundtable discussions, he specialises in using statistics to initiate thought-provoking discussions, enabling ADAPT’s customers to become more data-driven.

Using modern data science techniques, he provides ADAPT and its customers with confidence in the accuracy and validity of the information used for ADAPT’s research, advisory and events.

Working across artificial intelligence, machine learning, AI ethics, DevSecOps, end-user behaviour, and human-centred design, Gabby’s vast experience continues to grow, supported in part by a Master of Business Analytics from Deakin University.
