About the customer
P&V Group is a Belgium based cooperative, providing insurance solutions to individuals, businesses, and the public. Faced with the growing threat of cyberattacks targeting financial institutions, the insurance group turned to Outpost24 for timely vulnerability identification and enhanced security governance
The Challenge for P&V Group
Building a robust vulnerability management program
Insurance is a highly regulated sector and growth can be impacted if security controls cannot be proved to clients and regulators alike. The security team at the P&V Group must combat this ongoing challenge by ensuring security is a priority throughout the business.
Carlo Werbrouck, Chief Information Security Officer oversees the security including its 1,700 employees and 600 distributed insurance agents, reporting to the group CIO and managing the security governance alongside key security strategies: physical and information security. All three elements are essential to the secure running of the operations and ensuring the business remains compliant with insurance regulations and proving security assurance to their large client base, which is key to achieving their 2022 security maturity targets in the business plan.
To maintain asset visibility and security governance for the entire organization, the P&V Group opted for Outpost24’s network security assessment tools to protect their infrastructure and perimeter. With discovery scans and continuous assessment, it ensures any issues and deviations identified by the security team can be communicated to IT and dealt with quickly in line with their security KPI’s and policies.
Before utilizing Outpost24 Carlo didn’t have structural access to the granular information around CVE’s and threats to direct his decision making. The information on vulnerabilities from yearly and ad hoc pen tests soon became insufficient as the attack surface changed, making it difficult to keep up with new risks.
Carlo and his team now use this information to improve the security posture and prove compliance status for the insurance regulators and clients, which is also essential for the company’s cyber security insurance policy.
Outsourcing VM to increase security maturity and optimize efficiency
As the business grows Carlo encounters the same problems many CISOs face – security resource and skills shortages. Overwhelmed with the threat of a breach, compliance and a growing number of new CVEs, the security team needed a better understanding of their risks vs vulnerabilities and more manpower to handle the day to day work of vulnerability assessment. That’s when P&V Group decided to subscribe to Outpost24’s Managed Services vulnerability management program, so he can focus resource on more strategic projects and provide value add to the business.
Looking ahead to 2021 and beyond
Maintaining company-wide security awareness is one of Carlo’s main goals in the New Year. Security awareness within the organization, from top to bottom, is essential for them to achieve the highest level of security maturity. Carlo comments, “Security used to be left behind and now we make it more interesting for people to understand and buy into. The Outpost24 Managed Services team have helped us immensely in providing the insights and tools to manage our risks more effectively which has had a positive effect throughout the P&V Group by making security a top priority”.
Carlo recommends a managed vulnerability management solution to outsource continuous monitoring of internet facing network and application vulnerabilities for companies looking to improve their security resilience. Through hard work and collaboration with Outpost24 they’ve reached a good level of security maturity, which is key to supporting the growth targets set by the board by 2022 – the positive impact has been shared amongst business leaders and helped secure their future security investment.