Cyberattacks are becoming more frequent, sophisticated and costly, compelling leaders to prioritize robust cybersecurity measures as a critical investment in their organization’s future.
Our client, a leading insurance provider, engaged Thoughtworks to conduct a comprehensive assessment of their security posture. This assessment would provide the client with an in-depth and holistic view of their cybersecurity maturity, identifying any blind spots and helping them understand both the impact of those gaps and the security measures needed to address them.
Global standards, local regulations for extra compliance
Thoughtworks brought together a team of cybersecurity experts and data consultants to conduct in-depth interviews, interactive workshops and system deep dives with members across the client’s organization. To ensure compliance, we structured our assessment using a globally recognized cybersecurity framework from the National Institute of Standards and Technology (NIST), while aligning it with relevant local regulatory standards. This combined approach enabled us to conduct a thorough evaluation of the client’s security posture.
An external assessment of potential vulnerabilities can be a daunting experience for organizations. To overcome this, we adopted a highly collaborative approach, acting not as auditors but as partners. Our team embedded themselves within the client’s organization, turning this engagement into a collaborative exercise. This helped us build trust, ensuring no stone was left unturned.
Despite initial challenges with limited resources and documentation, the Thoughtworks team rose to the occasion, producing outstanding work in just six short weeks. Their seamless integration into our team was remarkable. Not only did they deliver the expected cyber strategy and roadmap, but they also provided crucial insights for drafting comprehensive architectural documentation. This could be the first step to mitigating our reliance on institutional knowledge.
Given the critical nature of data in cybersecurity, we also conducted a thorough assessment of the client’s data landscape. This helped them understand how different business areas access sensitive data across various platforms and applications, and the measures they’re required to take to protect their data. Through the data mapping exercise, we gained valuable insights that allowed us to:
Identify and classify data based on sensitivity, value and criticality.
Compile a list of systems and applications requiring enhanced security controls.
Develop detailed recommendations, based on our key observations, for areas where access controls need to be uplifted.
A path to security excellence
In six weeks, we delivered a comprehensive cybersecurity strategy and roadmap. This included a set of prioritized recommendations to achieve the target maturity level, as well as guidance on hiring and growing a security team fit for the future growth of this insurance company.
Key elements of the cybersecurity strategy included:
A three-year roadmap with current and target maturity ratings.
Recommendations for team shapes, roles and responsibilities for cybersecurity and data governance.
Detailed recommendations covering the impact and effort for each NIST category, as well as recommendations based on the data sensitivity analysis and the data landscape.
The journey towards security excellence requires continuous improvement, not a big bang approach. We applied that same philosophy to this engagement, helping the client make step changes to their security measures throughout the assessment. Overall, this engagement has provided our client with a much clearer understanding of their security posture, and empowered them to make informed decisions and investments both in the short and long term.
Thoughtworks’ exceptional service makes them a highly recommended partner. The professionalism, expertise and dedication were evident throughout the project. The team consistently exceeded expectations and impressed us with their ability to grasp our needs and deliver high-quality results in a tight timeframe.