• Client: A Global Leader in the Insurance Marketplace
  • Industry: Insurance
  • Objective: To enhance cybersecurity risk management by developing a comprehensive risk and control model tailored for the insurance industry.

Executive Summary

In a world where cyber threats are rapidly evolving, a pioneering insurance company sought to fortify their cybersecurity risk posture. The organization recognized the need for a robust cybersecurity risk model that would cater to their unique industry requirements. In collaboration with HDR, they embarked on a journey to dissect and categorize their cybersecurity risks into high-level macro risks and specific threats to business-critical applications, culminating in the creation of an innovative likelihood model and a NIST-based control model.



The insurance company grappled with categorizing and assessing cybersecurity risks in an industry plagued by sophisticated threats. The task at hand was to identify and stratify the potential risks associated with high-level macro variables and business-critical systems, and determine the probable impact on the organization, such as the number of records that could be compromised in a breach. Additionally, there was a pressing need to establish a baseline for cybersecurity measures that aligned with recognized standards.



Addressing the complex challenge, HDR adopted a holistic approach that mapped out the insurance company’s cyber threat landscape. A detailed risk model was constructed, outlining macro risks, vulnerable business-critical applications, and establishing a likelihood of incidents. Every application was examined to estimate the potential loss of records in the event of a cyber incident. Furthermore, a foundational control model was created, drawing from NIST guidelines, to enhance the client’s cybersecurity protocols and safeguard against imminent cyber threats.



The engagement with HDR delivered a tailored cybersecurity analysis that empowered the insurance company with a nuanced understanding of their risks and provided robust mechanisms for risk management. The risk and control models developed not only met but exceeded industry standards, positioning the client to proactively tackle cybersecurity threats and protect their vast repository of sensitive information.


The strategic partnership with HDR was instrumental in equipping the insurance provider with advanced tools for identifying and mitigating cybersecurity risks. The project outcomes have substantially uplifted the client’s resilience against cyberattacks, showcasing a significant leap forward in securing the company’s digital assets and maintaining their industry-leading position.

Measure What Matters