For years, cybersecurity relied on perimeter protection as the main line of defense. Organizations focused their efforts on securing networks and data centers against external access. However, the expansion of digital channels, remote access, and connection with third parties have changed this model.

Today, users, applications, and data operate across a wide range of environments, expanding the security perimeter. As a result, protecting the perimeter alone is no longer sufficient. Organizations must also focus on controlling who accesses their systems, from where, and with what permissions.

The Verizon 2025 Data Breach Investigations Report, based on the analysis of 12,195 security breaches in 139 countries, places compromised credentials and improper access among the main attack vectors. ENISA, in Threat Landscape 2025, also warns about the increase in pressure on digital resilience after studying 4,875 incidents.

Security starts with design

Cybersecurity is no longer an afterthought in technology development. Organizations now integrate security controls from the earliest stages of application and digital service design.

This approach, known as security by design, enables organizations to identify risks before solutions go into production and address vulnerabilities early in the development process.

Mapfre applies this approach by integrating security, privacy, and responsible data use principles from the outset of every project.

Software as first point of defense

Digital applications have become the main relationship channel between insurance companies, customers, and intermediaries. Ensuring their security is essential to protect the information and maintain operational continuity.

Mapfre applies a model with more than 50 security activities distributed throughout the software life cycle. These include automated code analysis, vulnerability detection, and reviews of technology dependencies.

This approach makes it possible to identify risks before applications are deployed and strengthen resilience against increasingly sophisticated threats.

Identity: the new cybersecurity perimeter

Identity management in cybersecurity involves controlling who can access systems, applications, and data, under what conditions, and with what permissions. In the digital insurance landscape, this level of control is essential due to the large number of users and connected services.

In a global organization like Mapfre, with a geographically dispersed workforce and multiple user groups – including employees, intermediaries, and third parties – requiring access to different applications and data based on their roles, identity management becomes significantly more complex. To manage this environment, the company applies a centralized model based on the principle of minimum privilege and full traceability of access.

The model incorporates measures such as multi-factor authentication (MFA), role-based access controls, regular review of permissions, and systems that detect anomalies based on the device, location, or access time.

Customer protection and continuous supervision

Digital identity protection in insurance also has a direct impact on the customer experience. The rise in digital fraud and identity theft requires stronger verification mechanisms without compromising the usability of services.

Mapfre applies risk-based adaptive authentication systems. This approach adjusts the level of verification according to variables such as the device used, the location, or the usual behavior of the user.