Specialists in financial services and private equity we have supported many clients to make great decisions whether it be helping an organisation realise its potential or commercialising the value of the technology function and assessing “technical debt”.

We’ve helped brands with cyber assurance, risk management, digital transformation, artificial intelligence, customer demand and much more.

Speak to a consultant

This was a great project with a fantastic LR team to support it! We can definitely be proud of the work, and the reputational support it provides us with our key stakeholders.
CIO
AA Ireland
Case Study

We were asked to help Generali understand the key risks areas and current best practice for their core systems.

Generali is a major player in the global insurance industry. With almost 71,000 employees, more than 400 companies and operating in almost 60 countries, it is the largest insurance company in Italy, and third largest in the world.

Generali operates in a highly regulated environment, and so, they are required to undergo frequent audits at an enterprise level. However, these audits tended to look at general controls or topics, and consequentially, Generali identified the lack of review of the end-to-end processes for six core business systems.

They recognised the importance of engaging a specialist independent organisation to conduct this review in order to provide the validation of risk level required. They needed to ensure full transparency for their customers and satisfy regulatory bodies.

We were asked to consider how we could help Generali understand the key risks areas and current best practice for their core systems.

The Solution

Given the sensitive nature of the data being managed within Generali’s core systems, Leading Resolutions recommended an approach based on the NIST Cyber Security Framework (CSF). This had the benefit of being able to provide Generali with consistent output across all systems with regards to:

1
Cybersecurity risk
Managing and reducing cybersecurity risk, aligned to existing processes.
2
Risk management
Establishing the appropriate level of risk management for the organisation.
3
Opportunities for improvement
Identifying and prioritising opportunities for improvement.

In addition to this, we reviewed each system’s compliance with GDPR to ensure there were no areas of concern.

To make the most efficient use of our time, we undertook a three-step approach to completing a high-level review based around the NIST Cyber Security Framework.

Step One

We reviewed all documentation pertaining to the six core systems.

Step Two

We organised a site visit to look at the six systems and conduct a high-level assessment. In parallel, we conducted a high-level assessment of the contractual positions for those six systems.

Step Three

Step three was a more detailed level of assessment. We conducted a cradle-to-grave review for the Eclipse system.

The Results

We documented the assessment findings to produce an interim report, which provided a high-level overview of the risks we identified and led to the approval of a number of cybersecurity and governance initiatives. It also informed Generali of any systems that required a more detailed assessment and analysis.

The specialist expertise and skills presented by the Leading Resolutions team enabled us to cut through what was a highly complex and challenging piece of work. With high expectations and visibility form our board, they delivered speed and accuracy that we would never have been able to achieve ourselves.
Mark Laine
CIO
You may also like