Insurance organisations are increasingly targeted by cybercriminals due to the volume of sensitive client, financial and personal data they manage.
When a UK insurance broker identified growing concerns around phishing attacks, account compromise and Microsoft 365 security, it partnered with Peritus Cloud Security to strengthen its security posture and reduce risk across the business.
Customer Profile
The organisation is a UK-based insurance broker providing personal and commercial insurance services to clients across the country.
With a growing workforce, increasing regulatory obligations and a heavy reliance on Microsoft 365, protecting client data and maintaining operational resilience had become a strategic priority.
The Challenge
Like many organisations within the insurance sector, the broker was facing an increasingly sophisticated threat landscape.
Employees were receiving growing numbers of phishing emails, while concerns around credential theft and account compromise were becoming more prominent.
At the same time, cyber insurance providers and regulators were placing greater emphasis on demonstrable security controls, particularly around identity protection, email security and access management.
The organisation recognised that while Microsoft 365 provided a strong foundation, additional work was required to ensure security controls were configured and operating effectively.
The business needed clarity on its current security posture and a practical roadmap for reducing risk.
Strengthening Microsoft 365 Security
The organisation engaged Peritus Cloud Security to assess its Microsoft 365 environment and identify opportunities to improve protection against modern cyber threats.
The review focused on:
- Identity and access management
- Multi-factor authentication
- Email security controls
- Conditional access policies
- User risk reduction
- Security monitoring and alerting
Working closely with internal stakeholders, Peritus developed a prioritised remediation plan designed to strengthen security while minimising disruption to day-to-day operations.
Delivering Security Improvements
Over a 30-day period, the organisation implemented a series of improvements across its Microsoft 365 environment.
These included:
- Enforcing multi-factor authentication for all users
- Strengthening conditional access policies
- Improving protection against phishing and impersonation attacks
- Reducing privileged account exposure
- Enhancing visibility of suspicious user activity
The project was delivered with minimal disruption to employees and without impacting business operations.
Reducing Phishing Risk
One of the most significant improvements was a reduction in successful phishing-related incidents.
Prior to the project, users regularly reported suspicious emails and the IT team was spending considerable time investigating potential threats.
Following the implementation of improved controls and security recommendations, phishing-related incidents fell significantly, reducing both organisational risk and administrative overhead.
The organisation also gained greater confidence that compromised credentials would be far less likely to result in a successful account takeover.
Delivering Measurable Outcomes
Following the engagement, the organisation achieved:
- An 85% reduction in phishing-related incidents
- Multi-factor authentication enabled for all users
- Improved visibility of security risks across Microsoft 365
- Stronger protection against account compromise
- Enhanced readiness for cyber insurance and compliance requirements
Most importantly, leadership gained confidence that the organisation's Microsoft 365 environment was better protected against evolving threats.
Customer Perspective
For the organisation's leadership team, the biggest benefit was visibility and confidence.
"The project gave us a clear understanding of our security posture and a practical roadmap for improvement. We now have far greater confidence in our ability to protect client data and respond to emerging threats."
Expert Perspective
Tim Barrow, Managing Director at Peritus Cloud Security, commented:
"Insurance organisations are increasingly targeted because of the sensitive information they hold and the financial impact a successful attack can have.
What we often find is that businesses already own many of the security capabilities they need within Microsoft 365 but haven't fully optimised or configured them.
By taking a structured approach to security improvement, organisations can significantly reduce risk while supporting compliance, cyber insurance requirements and operational resilience."
About Peritus Cloud Security
Peritus Cloud Security helps organisations strengthen their cyber resilience through specialist cybersecurity solutions, expert guidance and trusted vendor partnerships.
Working across sectors including financial services, insurance, legal and professional services, Peritus helps organisations reduce risk, improve protection and simplify cybersecurity management.
