The phones now have apps from stores, banks, and messengers installed. They need to be protected.
You won’t surprise anyone with the login code to the phone itself.
At the same time, the SIM card is not protected by default now. There are already cases of fraud when the victim lost his phone for a couple of minutes, and at that time the SIM card was inserted into a specially prepared phone and money transfers in banks were automatically confirmed there and passwords were changed. To avoid this, it is enough to put a password on the SIM card. When you restart your phone, you need to enter it as if. After 3 unsuccessful attempts to enter the password, it is blocked. This way the attacker will not use your phone number.
Article for iPhone how to set a password on a SIM card: https://support.apple.com/en-us/118228
It is clear that it is inconvenient to enter another password when loading the phone, but security is very often inconvenient.