Insurance provider transforms time spent reporting by 75%

• Lacked clear visibility to measure and improve Level 1 CIS compliance, risking regulatory gaps
• Manual reporting was labor-intensive, error-prone, and slowed decision-making
• Randomized, reactive workloads diverted focus from critical cybersecurity priorities

The team needed to ensure CIS compliance by confirming that their Minimum Technical Security Baseline (MTSB) was adhered to and verifying that cybersecurity tools effectively protected all endpoints.

However, quarterly controls coverage reports diverted the security team from critical remediation work.

With cumbersome quarterly reporting, it was difficult for operational teams to stay on top of risk management, leaving infrastructure out of compliance with their MTSB.

Manually tracking around 50 infrastructure metrics aligned with NIST standards demanded at least two full days each quarter. Despite deploying both on-premises and Azure tools, servers struggled to process vast volumes of data, causing frequent report failures and delays.

This inefficient and fragmented workload disrupted priorities and eroded team morale. It became evident that a more streamlined and effective approach was essential. The team needed a new way of working.

Transformation in risk management and reporting

To get the most coverage and visibility, the customer chose to adopt Panaseer across 7 of the 10 available cyber control domains. This strategic decision significantly improved their ability to monitor and manage cyber risks comprehensively, demonstrating the clear benefits of expanding control domain adoption.

Deploying Panaseer gave the CISO and their team automated, real-time insights into controls coverage and effectiveness. This trusted data is now consistently used across the business. From operational teams managing risk day-to-day to the bi-annual Board Risk Committee reviewing their cybersecurity position against risk appetite.

Driving collaboration and accountability across teams

Panaseer delivers value across the entire organization by providing tailored insights relevant to each team’s needs. This cross-team adoption has driven stronger collaboration and clearer accountability, uniting security, operations, and business leadership around shared data and priorities.

1. Board Risk Committees: Cybersecurity progress is now assessed against risk appetite to inform regulatory, audit, and supply chain questionnaires.
2. Internal governance: C-suite and business risk leads are aligned on accountability and ownership of cyber risks in the Operational Risk Committee and Business Unit Risk Workshops.
3. Controls oversight: The Security Steering Group now has a business view that they use to improve how operational teams prioritize remediation work.
4. Operations: Detailed dashboards, tailored to control owners, identify coverage gaps, and control failures that need remediation.

Integrated data sources for unified visibility

Panaseer ingests data from a wide variety of cybersecurity and business tools to provide a complete, unified view of the security landscape. In this instance, data was integrated from the following sources

Control owners are now guided by automated dashboards that identify prioritized coverage and policy gaps. The board has summary views of cyber risk aligned to specific business teams and services, spanning seven cyber domains.

Panaseer’s services provide the business with expert-led guidance to mature their cyber metrics and Continuous Controls Monitoring program.

This aligns with a new target operating model for controls assurance across their internal teams and third-party IT service providers.

• Reduced cyber controls reporting time by 75%, freeing the team to focus on remediation and risk reduction
• Integrated CIS Level 1 compliance reporting into business-as-usual, eliminating manual, error-prone processes
• Enabled data-driven decisions with all stakeholders from the Board to operations using one trusted dashboard
• Shifted the organization from reactive reporting to proactive, action-oriented conversations with IT and the business

This transformation made complex compliance reporting feel effortless and part of everyday work. Automated insights replaced hours of manual tracking, giving teams a clear, up-to-date picture of risk and compliance against their Minimum Technical Security Baseline.

Including exception data brought another layer of clarity, allowing the team to manage legacy systems more effectively and have informed conversations with their outsourced IT partner.

Preparing reports for the Security Steering Committee, IT audits, and other stakeholders has become effortless, a simple copy and paste replaces what once was a time-consuming manual task. This change saved the team 75% of the effort previously spent just to understand how remediation was progressing.

With daily automated insights into cybersecurity controls, the security team now engages with their data in a way that feels proactive rather than overwhelming. Instead of drowning in problems, the CISO office offers clear, meaningful views that highlight accountability and ownership across IT and the business.

This clarity has reshaped how resources are scheduled and assigned, making sure the right teams focus on the right tasks at the right time. The result is a more effective, targeted approach to managing risk throughout the organization.