If insurance, the leading insurance company in the Nordics, uses the ServiceNow platform to manage and control their security testing efforts across all their business applications. With ServiceNow, If insurance has reduced the risk of data breaches and the security assessment process is fully documented. This solution improves their compliance with the new EU regulation DORA (Digital Operational Resilience Act) chapter 4.

The largest insurance company in the Nordics

If insurance is the leading property and casualty insurer in the Nordic region. The insurance giant has 7,600 employees and 4 million customers in the Nordic and Baltic countries. In 2022 the insurance company managed insurance premiums for 58 billion SEK and handled more than 1,4 million claims annually. Half of them are handled within 24 hours.

Cybersecurity is critical

Insurance and finance companies in the Nordics are under strict legislation. Both global and local laws and regulations must be complied with such as the new EU regulative DORA. Customer's privacy, general security, and cyber security are critical. If personal data and information go astray, it can be precarious for the company financially and due to lost reputation. Therefore, the insurance company has several processes in order to secure and protect their IT systems and applications. The security assessment is one such process to exploit risks in all business applications.

Structured security assessment

If insurance wanted a structured approach for the security assessment utilizing ServiceNow, where documentation and visual insights for all stakeholders were imperative. The goal was to make a solution where IT Management, the security team and the test team had a complete overview of the security assessment process, a place to document their findings and ensure the conclusions of their tests were properly followed up on. Therefore, to help build such a solution in ServiceNow, If insurance reached out to The Cloud People for advice and support.

Custom built on the ServiceNow platform

Due to the complicated security assessment processes, and the complexity and scale of the organization, The Cloud People needed to build custom workflows, processes, and dashboards on top of the ServiceNow platform. With the new solution, anyone at If insurance who is responsible for an application can ask the security department for a security assessment. They just need to fill out a form in the ServiceNow portal explaining what the scope of the test is. Then the security team will start working, using different tools and applications for penetration testing. The consultants prioritize the findings from critical to informational in the ServiceNow security assessment portal. The portal also shows the status and deadlines for when critical findings will be repaired. The findings and repair status are shown in real-time updated dashboards available for all stakeholders. The whole process is tracked in the ServiceNow platform, from requesting a security assessment to how the repairs are going.

The benefits for If insurance

The custom built security assessment process with dashboards on top of the ServiceNow platform has given If insurance various benefits such as:

• Improved compliance with Digital Operational Resilience Act (DORA) chapter 4.
• Overall better cyber security.
• Less risk of data breaches and loss of critical data and information.
• Documentation of the process and work done around security assessment.
• Less manual work.
• Real-time visual status on the security assessment for each application tested for management and all stakeholders. 

Easy reporting and documentation

The security assessment solution based on ServiceNow makes it easy for If’s security personnel to prioritize the most critical tasks. Now, If insurance has a structured process and can report to management and stakeholders on the progress through real-time updated dashboards. At the same time, the security assessment is documented.