case study

How a leading insurance company reduced human cyber risk

Client logo
About

This leading property and casualty insurer in the Nordic region offers a full range of P&C insurance solutions and services to a broad customer base, from private individuals to large corporate customers.

  • Industry: Insurance
  • Employees: 10,000+
Challenge

These leaders in the insurance industry needed to satisfy mounting regulatory pressures to demonstrate measurable resilience for business partners and auditors in an environment of escalating cyber-attacks.

Solution

Within months, Hoxhunt delivered measurable behavior change and risk reduction with a security behaviour change program that has remained highly effective and widely appreciated after multiple years in use.

Key takeaways:
Featured image

Key results

  • Success rate: Increased 68%, from 40% to 67% 
  • Failure rate: Decreased 63%, from 8% to 3%
  • Miss rate: Decreased 42%, from 52% to 30%
  • Resilience ratio (Success rate / failure rate): Increased 340%, from 5 to 22
  • * Resilience ratio better measures an organizations' cyber skills and vulnerability to a phishing breach than failure rate exclusively by factoring in engagement and successful threat reporting behaviour.

  

In their words:

  1. "Hoxhunt has transformed our cybersecurity training program. Their innovative approach and effective simulations have made it the best solution we've come across." – Security Awareness Manager
  2. "The results speak for themselves. Hoxhunt's training has significantly reduced our employees' susceptibility to phishing attacks. We have tested it against competing products, and it's undoubtedly the best solution out there." – CISO

  • Hoxhunt's simplicity and automation make it easy for the security team to operate.
  • Seamless integration into existing systems like Azure AD optimizes the program’s efficiency, automation, results, and analytics.
  • The platform's randomized phishing simulation cadence and personalized training experiences, which adapt to individuals’ skill levels over time, maximize engagement.
  • Threat reporting behaviour-based data reveals current phishing trends and maps organizational human risk in real-time.
  • The platform's positive user experiences and gamification elements foster a vibrant cybersecurity culture.
  • Hoxhunt generates robust metrics that show the program’s value to leadership and demonstrates resilience to partners and auditors, aligning with evolving regulatory requirements and insurance industry best practices. 

Cyber insurance, performance metrics, and risk posture

The insurance industry at large, and cyber insurance in particular, are undergoing significant changes. Insurers and their customers are facing a systemic shift towards responsibility and accountability for one’s cybersecurity posture. Auditory, regulatory, and compliance standards are tightening and it’s more challenging to secure cyber insurance coverage and avoid liability for a breach that could compromise partners within the ecosystem.

The key to success in this complex landscape is measurable cyber risk reduction. That's different from tick-box compliance which, as the security team explained, is an important starting point, but does not yield actionable data for behaviour change and human risk management.

“When we talk about employees and their responsibility to the organization’s security, we need metrics to show their cyber performance is tied to corporate risk posture. I think that we have been spoiled by the good metrics we get with Hoxhunt, where we show the ongoing improvements in failure rate, success rate, miss rate, et cetera and then show to leadership how our risk posture has improved as a result.” -- Security Awareness Manager

With regulations for insurance companies to have a strong resilience program in place by 2025, employees must be trained to recognize and respond to phishing attacks, where most breaches occur. Watching the legacy SAT tools fall behind the cyber-threat landscape, If decided to lead their customers towards resilience by example and adopt a cutting-edge cybersecurity behaviour change program with Hoxhunt.

“It is no longer good enough for companies to just buy cyber insurance and ask the insurance company to accept all the risk. Companies must do something on their own end to lower the risk and put some basic foundations in place to achieve resilience and be able to show metrics that demonstrate their risk posture is good, and getting better.”—CISO

Partners, not just vendors

By partnering with Hoxhunt, the insurance leaders witnessed a significant transformation in its cybersecurity culture and risk posture. Employees have become more vigilant and proactive in recognizing and reporting suspicious activities, as is evident from the surge in real threats being detected and reported to the threat feed.

"Hoxhunt's training not only educates our employees but also changes their behaviour and gives us the metrics to prove it." – CISO

When Microsoft Defender’s phishing simulator, a cheaper tool, was suggested as a replacement for Hoxhunt recently, the security team did a test. Hoxhunt  outperformed the alternative in terms of outcomes as well as resources required to operate the program.

Not only does Hoxhunt provide individualized training with an adaptive learning model-- delivered along a gamified learning journey that people love—but the AI-native platform enables true automation. Dozens of phishing simulations and awareness modules can be delivered each year with less effort than four manual phishing tests per year.

"Hoxhunt's platform is incredibly user-friendly, and the engaging content ensures that employees actively participate in the training. It's the most effective security training solution we've ever implemented." – Security Awareness Manager

 

Securing individuals and ecosystems

The collaboration with Hoxhunt goes beyond just training. Hoxhunt's team of cybersecurity experts seek to understand their unique challenges and develop tailored strategies. The Hoxhunt data gives valuable and actionable insights into employee behaviour that the security team uses to make smart interventions.

For employees and customers, the success of the partnership extends beyond the walls of the organization. The insurance company's employees take the training home to better protect their friends and family. Customers also benefit from the strengthened cybersecurity measures, as If can assure them that their sensitive information is protected.

Through personalized training experiences, real-time feedback on reported threats, and ongoing support, Hoxhunt has enabled a cybersecurity-conscious workforce who have enhanced the overall security posture.

Want to match these results?
Hoxhunt adaptive phishing training dramatically increases training engagement and security resilience.
Request a demo