How the insurance group improved app security and business risk management.
The Generali Group is one of the world’s leading insurance and financial groups, present in more than 50 countries. With millions of customers worldwide, it combines tradition and innovation to meet the needs of families, companies and institutions. Increasing digitalisation, both internally and in customer relations, has brought with it a key challenge: ensuring the security of mobile applications, an important part of the Group’s business.
For Generali, mobile applications are a key pillar of its digital ecosystem, designed to provide a smooth and valuable customer experience and to support internal employee processes. With the growing threat of cyber vulnerabilities, the Group’s challenge was to ensure that each app was resilient to cyber risks, maintaining customer trust and the security level of sensitive data.
Mobisec helped Generali overcome these difficulties by providing technical expertise and a tailored strategy. The journey to verify the security level of the app portfolio began with a pilot project, in which two apps were tested: one for internal processes and one for external customers.
This approach allowed Generali to experiment and refine a testing and development methodology that could be applied to all apps in the portfolio. Every step of the way was guided by the goal of creating a digital ecosystem that inspires trust and ensures security.
The second major challenge Generali faced was to limit the migration of portfolios to competitors caused by the misconduct of outbound agents. To meet this need, Generali chose Mobisec’s HiWave IoT integration platform to implement an effective and innovative control system that provides greater control over sensitive data, reduces operational risks and significantly limits portfolio migration.
With HiWave, Generali can not only dynamically manage and update customer data access levels but also monitor application performance in real time, providing useful feedback to development teams. The platform cross-references hardware and software statistics, collects advanced data on device vulnerabilities and ensures that information is collected even offline.
Master the complexity.
Some applications handled highly confidential information, including health data, especially during the COVID-19 pandemic. Ensuring GDPR compliance was critical.
Generali implemented monthly testing cycles for the most critical apps, flanked by bimonthly reviews for lower-priority apps, with careful resource management.
The solutions had to integrate seamlessly with international best practices and comply with Generali’s internal policies, which are critical to protecting the Group’s and its customers’ data.
Turning security into a strategic asset.
Generali's journey has led to a true digital renaissance.
1. The applications tested achieved advanced levels of security, protecting sensitive data and ensuring a smooth user experience.
2. The integration of test results into internal risk management portals simplified the prioritisation of corrective actions, improving operational efficiency.
3. Generali teams gained advanced skills by adopting secure coding practices to prevent vulnerabilities early in the development cycle.
4. Implementing HiWave as an internal SDK enabled continuous application monitoring, making it a strategic value-added tool for the business.