Hoxhunt logo
Why Hoxhunt?
Solutions
CustomersPricing
Resources
Company
Sign inRequest demo
Hoxhunt black logoRequest a demo
case study

How If P&C Insurance reduced human cyber-risk

Client logo
About icon
About

If is the leading property and casualty insurer in the Nordic region. If offers a full range of P&C insurance solutions and services to a broad customer base, from private individuals to large corporate customers.

If operates on a pan-Nordic basis leveraging both scale and capabilities across all areas in If. If's key success factor is continuous improvement of its operations.

Having a focus on underwriting by understanding risk better than competitors, setting the right prices, and offering the best products and services, has been the strategic theme for more than a decade.

  • Industry: Insurance
  • Employees: 10,000+
Challenge icon
Challenge
As leaders in the insurance industry, If needed to satisfy mounting regulatory pressures to demonstrate measurable resilience for business partners and auditors in an environment of escalating cyber-attacks.
solution icon
Solution
Within months, Hoxhunt delivered measurable behavior change and risk reduction with a security behaviour change program that has remained highly effective and widely appreciated after multiple years in use.
Key takeaways:
Featured image

Key results

  • Success rate: Increased 68%, from 40% to 67% 
  • Failure rate: Decreased 63%, from 8% to 3%
  • Miss rate: Decreased 42%, from 52% to 30%
  • Resilience ratio (Success rate / failure rate): Increased 340%, from 5 to 22
  • * Resilience ratio better measures an organizations' cyber skills and vulnerability to a phishing breach than failure rate exclusively by factoring in engagement and successful threat reporting behaviour.

  

In their words:

  1. "Hoxhunt has transformed our cybersecurity training program. Their innovative approach and effective simulations have made it the best solution we've come across." – Taif Mobarek, Security Awareness Manager
  2. "The results speak for themselves. Hoxhunt's training has significantly reduced our employees' susceptibility to phishing attacks. We have tested it against competing products, and it's undoubtedly the best solution out there." – Peter Granlund, CISO

  • Hoxhunt's simplicity and automation make it easy for the security team to operate.
  • Seamless integration into existing systems like Azure AD optimizes the program’s efficiency, automation, results, and analytics.
  • The platform's randomized phishing simulation cadence and personalized training experiences, which adapt to individuals’ skill levels over time, maximize engagement.
  • Threat reporting behaviour-based data reveals current phishing trends and maps organizational human risk in real-time.
  • The platform's positive user experiences and gamification elements foster a vibrant cybersecurity culture.
  • Hoxhunt generates robust metrics that show the program’s value to leadership and demonstrates resilience to partners and auditors, aligning with evolving regulatory requirements and insurance industry best practices. 

Cyber insurance, performance metrics, and risk posture

The insurance industry at large, and cyber insurance in particular, are undergoing significant changes. Insurers and their customers are facing a systemic shift towards responsibility and accountability for one’s cybersecurity posture. Auditory, regulatory, and compliance standards are tightening and it’s more challenging to secure cyber insurance coverage and avoid liability for a breach that could compromise partners within the ecosystem.

The key to success in this complex landscape is measurable cyber risk reduction. That's different from tick-box compliance which, as the security team from If explained, is an important starting point, but does not yield actionable data for behaviour change and human risk management.

“When we talk about employees and their responsibility to the organization’s security, we need metrics to show their cyber performance is tied to corporate risk posture. I think that we at If have been spoiled by the good metrics we get with Hoxhunt, where we show the ongoing improvements in failure rate, success rate, miss rate, et cetera and then show to leadership how our risk posture has improved as a result.” -- Taif

With regulations for insurance companies to have a strong resilience program in place by 2025, If knows its employees must be trained to recognize and respond to phishing attacks, where most breaches occur. Watching the legacy SAT tools fall behind the cyber-threat landscape, If decided to lead their customers towards resilience by example and adopt a cutting-edge cybersecurity behaviour change program with Hoxhunt.

“It is no longer good enough for companies to just buy cyber insurance and ask the insurance company to accept all the risk. Companies must do something on their own end to lower the risk and put some basic foundations in place to achieve resilience and be able to show metrics that demonstrate their risk posture is good, and getting better.”—Peter

Partners, not just vendors

By partnering with Hoxhunt, If has witnessed a significant transformation in its cybersecurity culture and risk posture. Employees have become more vigilant and proactive in recognizing and reporting suspicious activities, as is evident from the surge in real threats being detected and reported to the threat feed.

"Hoxhunt's training not only educates our employees but also changes their behaviour and gives us the metrics to prove it." – Peter

When Microsoft Defender’s phishing simulator, a cheaper tool, was suggested as a replacement for Hoxhunt recently, the security team did a test. Hoxhunt  outperformed the alternative in terms of outcomes as well as resources required to operate the program.

Not only does Hoxhunt provide individualized training with an adaptive learning model-- delivered along a gamified learning journey that people love—but the AI-native platform enables true automation. Dozens of phishing simulations and awareness modules can be delivered each year with less effort than four manual phishing tests per year.

"Hoxhunt's platform is incredibly user-friendly, and the engaging content ensures that employees actively participate in the training. It's the most effective security training solution we've ever implemented." – Taif

 

Securing individuals and ecosystems

The collaboration between Hoxhunt and If goes beyond just training. Hoxhunt's team of cybersecurity experts works closely with If to understand their unique challenges and develop tailored strategies to address them. The Hoxhunt data gives valuable and actionable insights into employee behaviour that the security team uses to make smart interventions.

For employees and customers, the success of the Hoxhunt-If partnership extends beyond the walls of the organization. If's employees take the training home to better protect their friends and family. Customers also benefit from the strengthened cybersecurity measures, as If can assure them that their sensitive information is protected.

Through personalized training experiences, real-time feedback on reported threats, and ongoing support, Hoxhunt has enabled If to build a cybersecurity-conscious workforce and enhance its overall security posture.

"We've seen a remarkable improvement in our employees' ability to identify and report potential threats after implementing Hoxhunt. It's hands down the best human risk management solution available." - Taif

learn more

Experience Hoxhunt.
Request a demo today.

Request a demo
Watch video
During the demo you'll:
Discuss challenges you would like to solve
Discover what you are looking for in a solution
See the Hoxhunt end user experience in action
Explore the administrator dashboard, success metrics and reporting