CASE STUDY
Leading insurance provider measurably improves behavior and reduces human risk
Hastings Group is a leading insurance provider, known for its digital and data-focused approach. Serving over 3 million customers, Hastings offers car, van, bike, and home insurance, driving growth through digital innovation and strong partnerships with major price comparison websites.
The challenge: “Hope is not strategy!”
In late 2019, Hastings Group faced a critical challenge: while they were meeting traditional cyber security standards and complying with data protection regulations, there was a growing realization that “best practice” wasn’t enough. Hastings needed to evolve from basic compliance to fostering a proactive cyber resilience culture.
Chief Information Security Officer Simon Legg recognized the need for a more robust approach that would empower colleagues to take ownership of cyber security, ensuring they were not just following rules but truly understood and were engaged with the importance of protecting the company, its customers, and the wider community.
The urgency: Emerging threats
The digital landscape was rapidly changing, and with it, the threats to cyber security. Hastings Group needed to act swiftly to ensure that their approach kept pace with these evolving risks. Traditional awareness programs were no longer sufficient; they needed a solution that could deeply assess and address human cyber risks, especially as remote working became more prevalent during the pandemic.
Simon Legg knew that to build a lasting cyber resilience culture, the change had to happen immediately. Delaying action could leave the company vulnerable to emerging threats and erode trust with customers and partners.
The solution: A human-centric approach
Hastings Group chose CybSafe for its innovative, human-centric approach to cyber security. Unlike other solutions that focused solely on phishing or compliance, CybSafe offered a comprehensive platform designed to engage users and build a true culture of resilience.
CybSafe’s unique features, including PHISH for a human-centric approach to simulated phishing, and GUIDE for measuring security culture, resonated with Hastings.
These tools provided actionable insights into risky security behaviors, helping to predict and prevent potential security breaches before they occurred.
Simon Legg was particularly impressed by CybSafe’s ability to make cyber security relatable and personal for Hastings’ colleagues, transforming what could be a dry compliance exercise into something meaningful and engaging.
The results: Speak for themselves!
Since implementing CybSafe, Hastings Group's human risk management has achieved significant improvements in company-wide cyber resilience:
83% of colleagues now feel confident in handling cyber security issues
87% improved their passphrase behavior within 30 days
27% less likely to open phishing emails
12% less likely to click on phishing emails than insurance industry peers
91% of colleagues recognize security as a primary responsibility
CybSafe has also enabled Hastings to gain tangible evidence of risk reduction, using data to continuously measure and improve security behaviors across the organization. This data-driven approach has allowed Hastings to report meaningful progress to senior leadership and stakeholders, reinforcing the value of their investment in CybSafe.
Hastings Group is not stopping at internal improvements. Recognizing the importance of a secure supply chain, they are now extending CybSafe’s benefits to their outsourced partners, ensuring that the same high standards of cyber resilience are maintained across their entire business ecosystem.