US insurance firm bolsters security and compliance with CyberArk

Company profile

Federated Insurance is headquartered in Owatonna, Minnesota, and operates in 49 states and the District of Columbia. The company provides American businesses with customized property and casualty insurance; umbrella and life and disability income; bonding; surety; and workers compensation coverage. The company is rated A+ (Superior) by A.M. Best Company® and has been named in Ward’s 50 group of top performing insurance companies (2022).

Total Assets: USD$10.5 Billion
Employees: 2,800

Challenges

In 1904, a group of local farmers and business owners around Owatonna, Minnesota, decided to set up their own insurance company. Nearly 120 years later, Federated Mutual Insurance Company (Federated Insurance) is a thriving, national insurance business. Being in the risk business, the company is only too aware of the growing threat of cyberattacks, especially for organizations in the financial sector.
“Our whole mindset is risk management and, if we could, we would have zero risk. However, we know that is not possible. So, we attempt to mitigate as much risk as we humanly can and that is why we have invested in market-leading cybersecurity technologies like CyberArk,” said Angela Klein, Business Technology Manager, Identity and Access Management at Federated Insurance.

Passwords written down
A few years ago, the company reviewed its cybersecurity capability and realized that it could be improved especially around privileged access management and identity protection. “I am sure most passwords were written down somewhere or linked to user IDs. We knew we needed to make privileged accounts easier to manage so people did not have to keep remembering long passwords or write them down. We were moving towards a more mature way of making privileged accounts and privileged access more secure,” added Klein. Also, although fully compliant, the business knew regulations and insurance standards around cybersecurity were getting tougher so it would need more robust privileged access and identity protection.

Solutions

The company set up a cross-functional team to investigate privileged access management and run proof of concepts with several different vendors, finally deciding to partner with CyberArk. “We established several CyberArk champions across the business who quickly realized how easy and simple the product was to use,” commented Klein. “We saw, from an IT perspective, that CyberArk would also be easy to administer. That, plus the fact that CyberArk was and still is the market leader, made the case for selecting its solution overwhelming.”

Federated Insurance is using the CyberArk Identity Security platform comprising CyberArk Privileged Access Manager as a self-hosted deployment. Federated Insurance runs an in-house IT department with around 350 employees who support everything covering infrastructure, business users and applications. Now those IT staff use Privileged Access Manager for their server administration and privileged accounts.

Establishing CyberArk Champions
To help with adoption and allay fears that CyberArk might be a hindrance, champions appointed during evaluation were used throughout the organization during deployment to communicate the importance of securing privileged access. “The champion concept helped people understand that CyberArk would help them do their jobs more securely,” outlined Klein. “Since then, many of our staff have become champions themselves and are asking how CyberArk can help improve work on their projects. Now CyberArk is an integral part of our IT organization and ecosystem.”

Because of the timely information and data that CyberArk delivers and reports in an easy-to-understand format, Klein and her team are better able to show and demonstrate to the board of directors the efficacy and strength of the company’s security posture.

Results

“Our annual security assessments now regularly demonstrate a high cybersecurity stance, not only for identity protection, but also for our security program in general,” said Klein. “CyberArk plays a major role in achieving that because we can articulate to auditors how we protect privileged accounts. That gives the auditors reassurance that we are protecting customers and clients effectively.”
As an insurance company, Federated must address strict financial regulations such as Personally Identifiable Information (PII), information that links to and identifies an individual. “CyberArk enables us to protect critical business and client data,” shared Klein. “By using CyberArk privileged session management, we are making data like PII more secure. Passwords are no longer on end-user devices where they are vulnerable to attacks.”

Reassuring the Insurers
As the threat of cyberattack increases, so has the significance of cybersecurity insurance and demand from underwriters for businesses to implement stronger safeguards.

“When we process our cybersecurity insurance, applications and renewals, the fact that we have CyberArk and a privileged access management program makes the application easier.”

– Angela Klein, Business Technology Manager IAM, Federated Insurance

“CyberArk reassures insurers that we are protecting identities. Now, I see many other organizations rushing to implement privileged access management programs.”
Federated Insurance heralded the importance of the relationship and the “amazing” partnership with the CyberArk customer success and support teams, as well as account reps. Any time Federated Insurance needs support, there is an instant response and a willingness to solve problems. “Federated Insurance and CyberArk have established a mutual respect from which we gain insights and best practices about CyberArk solutions,” added Klein.
Federated Insurance is committed to providing a local, personal and face-to-face resource to its customers. To maintain that level of customer service, the company is constantly looking towards the future to ensure customers are protected.
“Identity has become the new perimeter. People are no longer restricted to working inside the company’s four walls. Without identity figured out and secured, whatever else employees do does not really matter,” concluded Klein. “We are constantly making sure identities for employees, privileged accounts, devices and everywhere else are secure. But we are alert to what is coming next and how we can work with CyberArk to move our identity strategy forward.”

Key benefits

• Built a market-leading privileged access and identity defense
• Delivered leading edge identity protection and security
• Transformed identity and password security control
• Simplified security administration and management
• Elevated cybersecurity to a business benefit, not a hindrance
• Helped to meet the tougher thresholds from cybersecurity insurers