Insurance provider transforms time spent reporting by 75%
This case study highlights how a leading UK insurance provider streamlined its cybersecurity reporting, established a single source of truth for security data, and embraced a more proactive, action-oriented security culture, all enabled by Panaseer.
The challenge
- Lacked clear visibility to measure and improve Level 1 CIS compliance, risking regulatory gaps
- Manual reporting was labor-intensive, error-prone, and slowed decision-making
- Randomized, reactive workloads diverted focus from critical cybersecurity priorities
The team needed to ensure CIS compliance by confirming that their Minimum Technical Security Baseline (MTSB) was adhered to and verifying that cybersecurity tools effectively protected all endpoints.
However, quarterly controls coverage reports diverted the security team from critical remediation work.
With cumbersome quarterly reporting, it was difficult for operational teams to stay on top of risk management, leaving infrastructure out of compliance with their MTSB.
Manually tracking around 50 infrastructure metrics aligned with NIST standards demanded at least two full days each quarter. Despite deploying both on-premises and Azure tools, servers struggled to process vast volumes of data, causing frequent report failures and delays.
This inefficient and fragmented workload disrupted priorities and eroded team morale. It became evident that a more streamlined and effective approach was essential. The team needed a new way of working.
The solution
Transformation in risk management and reporting
To get the most coverage and visibility, the customer chose to adopt Panaseer across 7 of the 10 available cyber control domains. This strategic decision significantly improved their ability to monitor and manage cyber risks comprehensively, demonstrating the clear benefits of expanding control domain adoption.
Deploying Panaseer gave the CISO and their team automated, real-time insights into controls coverage and effectiveness. This trusted data is now consistently used across the business. From operational teams managing risk day-to-day to the bi-annual Board Risk Committee reviewing their cybersecurity position against risk appetite.
Panaseer has enabled us to operate in a more transparent and collaborative way with the business. This helps us to raise key issues and work with business teams to agree on priorities.
Chief Resilience and Security Officer
Driving collaboration and accountability across teams
Panaseer delivers value across the entire organization by providing tailored insights relevant to each team’s needs. This cross-team adoption has driven stronger collaboration and clearer accountability, uniting security, operations, and business leadership around shared data and priorities.
- Board Risk Committees: Cybersecurity progress is now assessed against risk appetite to inform regulatory, audit, and supply chain questionnaires.
- Internal governance: C-suite and business risk leads are aligned on accountability and ownership of cyber risks in the Operational Risk Committee and Business Unit Risk Workshops.
- Controls oversight: The Security Steering Group now has a business view that they use to improve how operational teams prioritize remediation work.
- Operations: Detailed dashboards, tailored to control owners, identify coverage gaps, and control failures that need remediation.
Integrated data sources for unified visibility
Panaseer ingests data from a wide variety of cybersecurity and business tools to provide a complete, unified view of the security landscape. In this instance, data was integrated from the following sources
Qualys
Tenable SC
Tenable IO
Control owners are now guided by automated dashboards that identify prioritized coverage and policy gaps. The board has summary views of cyber risk aligned to specific business teams and services, spanning seven cyber domains.
Cyber control domains
Device Inventory
Vulnerability Management
Endpoint Protection
Identity and Access
Privileged Access
Patch Management
Cloud Configuration
Panaseer’s services provide the business with expert-led guidance to mature their cyber metrics and Continuous Controls Monitoring program.
This aligns with a new target operating model for controls assurance across their internal teams and third-party IT service providers.
Outcomes
- Reduced cyber controls reporting time by 75%, freeing the team to focus on remediation and risk reduction
- Integrated CIS Level 1 compliance reporting into business-as-usual, eliminating manual, error-prone processes
- Enabled data-driven decisions with all stakeholders from the Board to operations using one trusted dashboard
- Shifted the organization from reactive reporting to proactive, action-oriented conversations with IT and the business
This transformation made complex compliance reporting feel effortless and part of everyday work. Automated insights replaced hours of manual tracking, giving teams a clear, up-to-date picture of risk and compliance against their Minimum Technical Security Baseline.
Including exception data brought another layer of clarity, allowing the team to manage legacy systems more effectively and have informed conversations with their outsourced IT partner.
Panaseer dashboards mean that preparation for the Security Steering Committee is now just a screenshot!
Chief Resilience and Security Officer
Preparing reports for the Security Steering Committee, IT audits, and other stakeholders has become effortless, a simple copy and paste replaces what once was a time-consuming manual task. This change saved the team 75% of the effort previously spent just to understand how remediation was progressing.
With daily automated insights into cybersecurity controls, the security team now engages with their data in a way that feels proactive rather than overwhelming. Instead of drowning in problems, the CISO office offers clear, meaningful views that highlight accountability and ownership across IT and the business.
This clarity has reshaped how resources are scheduled and assigned, making sure the right teams focus on the right tasks at the right time. The result is a more effective, targeted approach to managing risk throughout the organization.
Get started with Panaseer
Find out how to improve your security posture management using Continuous Controls Monitoring.
Our team can give you a tailored demo of the Panaseer platform, including the metrics and dashboards that enable you to prioritize resources and accelerate remediation.