Vienna Insurance Group (VIG) is the leading insurance group in Central and Eastern Europe, with more than 50 insurance companies and 30,000 employees in 30 countries. VIG adapts its insurance solutions to local and personal needs.
In 2023, the Digital Operational Resilience Act (DORA) took effect in the EU to harmonize cyber resiliency across the financial sector, replacing local, independent regulations. Given less than two years to comply, VIG needed to quickly adopt new technology and a single methodology across all its companies for a unified understanding of risk and criticality while keeping sensitive data segregated to protect confidentiality. By developing and improving operational resilience in this way, VIG acted in the best interests of its clients.
VIG chose the ServiceNow AI Platform as the foundation and framework for its compliance program, replacing spreadsheets with a stable, feature-rich environment for their evolving needs. The group uses Integrated Risk Management to assess business application and IT services risks, and Third-party Risk Management for vendor risk assessment. To evaluate the threat landscape, VIG chose Vulnerability Response and Security Operations. IT Asset Management, previously implemented, integrates seamlessly with all the new modules for shared data.
By unifying all activities and compliance data on ServiceNow, VIG saves time and effort and improves security across all its member companies. The group continuously onboards applications and vendor engagements and assesses based on the new methodology. VIG has already identified several previously undetected security gaps through the control attestation process and brought them to the attention of local management, improving security.
In the future, VIG plans to incorporate risks associated with business functions and increase visibility for higher management. The group will continue to evolve GRC processes and user experience over time to meet additional DORA requirements, confident that the ServiceNow AI Platform has the breadth of capabilities to meet these needs.