The insurance industry is consistently being targeted with cyberattacks as they possess immeasurable confidential data. As a natural target, it is essential to nourish the Information Security Operating Model to prevent cyberattacks, threats and ransomware.

Our client, an insurance and reinsurance provider, requested for over the organisation’s Information Security Operating model and Service Catalogue.  This included conducting a benchmark against peer organisations and market trends, but unsure whether whether the current model and service catalogue met the needs of customers and stakeholders.

Building the client relationship with Wavestone’s unique approach for strong delivery 

Collaborating with the CISO of the global insurance firm, we assessed the current operating model and service catalogue with 3 main steps:

Phase 1 – Discovery Phase

Holding workshops with a variety of client stakeholders within the CISO function and performing documentation analysis to better understand the current state for the client’s operating model and to document existing Information Security Services.

Phase 2 – Analysis & Benchmark

Leveraging Wavestone’s accelerators (e.g., Cyber Benchmark) to compare the clients Information Security operating model and service landscape with comparable peers across the global Insurance and Financial Services Market. The output was then used as a key input into the Target Operating Model.

Phase 3 – Target Stage Definition

Using the output from the first two phases, Wavestone developed a Target Operating Model for the CISO function with clear, actionable, and pragmatic recommendations that can be implemented to meet the target state. This was supported by a Target Budget, Target Skills Matrix and Target Service Catalogue that would support the CISO when making key decisions, such as:

  • What Information Security services were operating at a lower maturity
  • Where the gaps were in skills and workforce in the team
  • Where to prioritise, budget spend at a time where costs were increasing, and budgets are not growing to match

Results and key success factors

Our client gained a clear view on the current state of their Information Security organisation; where improvements could be made and the steps that need to be implemented to move towards their Target Operating Model.

Wavestone’s flexibility in their approach to engagements meant that we were able to re-prioritise key deliverables to meet the needs of the client, such as providing key input into the budgeting process for the next financial year.

Unique Benefits

This was a great example of Wavestone going to market as a Global Practice with a joint UK-US team that aligned well with a client that is based in Europe and the US. It also enabled Wavestone to be flexible in how they operated internally and interacted with the client, working around the busy schedules of key stakeholders.