The Microsoft tools helping Folksam provide a more secure and sustainable haven for clients’ assets

In a world where it is estimated that cybercrime will cost the global economy some 20 trillion U.S dollars-plus by 2026*, the need for companies to invest in the best possible security has never been more urgent. With over half of the Swedish population relying on its services, insurance giant Folksam has long prioritized the security of its customers’ sensitive data. The company has a long-held mission to provide security for present and future clients, emphasizing sustainability as a core element of its operations. The “game changing” integration of Microsoft cybersecurity tools has produced impressive results for both partners.

“We really feel that Microsoft is interested in us not just using their products, but also getting good at using them.” – Daniel Sörmark: Head of IT Security, Folksam

“We don’t really deliver insurance policies, we deliver security,” says Daniel Sörmark, Folksam’s Head of IT Security. “As an insurance company, we’re trusted by our customers. They invest their pensions and life insurance money with us, so we have a lot of assets. We use the word ‘sustainable’ because if you’re tasked with managing assets for people who will need them in 30 years’ time, it’s not just about growing that money, but also about making sure that there’s a good place to invest that money in, a world to retire in and leave behind. So, sustainability is a really important issue for us as well.”

Central to that mission is a longstanding relationship with Microsoft, initially via the M365 Suite and more recently, the addition of cybersecurity tools Sentinel and Defender.

Traditional methods no longer adequate

Like many companies in the insurance industry, Folksam has had to contend with the growing threat of cyberattacks, particularly ransomware. Traditional methods, including basic antivirus software and manual analysis of log files were proving inadequate to handle modern, sophisticated attacks.

“We saw that our established security methods just weren’t enough anymore. We needed modern tools. And Microsoft is a leader in this field, with the Defender and Sentinel suite” says Sörmark.

Microsoft Defender XDR provides endpoint security across both cloud environments and on-site systems, which allows Folksam to monitor behavior across its network. Microsoft Sentinel, meanwhile, brings a holistic approach to threat detection, gathering data from multiple sources, including third-party security partners.

“It’s been a game changer,” says Sörmark. “The tools are pretty easy to integrate, and Microsoft offer a lot of educational resources, which we really like. We encourage all our employees, both within IT security and outside, to take the courses and certifications that are offered. We really feel that Microsoft is interested in us not just using their products, but also getting good at using them. And for us, to be able to do it ourselves, understand how our tools work, integrate them and continuously improve our security, is even more important than just the functional capabilities the tools offer.”

“The challenge is to make sure that security is integrated in such a way that you can still be creative and innovative, and do things,” adds Sörmark. “That means we need to embed our security tools in such a way that they stop you from doing bad things, but allow you to do good things. Even things that haven’t really been done before, but can still achieve something like the outcomes you’re after.”

Trusted two-way partnership pays off

From Microsoft’s perspective, the collaboration has brought an already successful working relationship even closer. “We have a long relationship with Folksam. It’s very important that we have trust between us as partners,” says Åsa Kidman, Customer Security Officer (CSO) at Microsoft. “It’s always a challenge when you introduce new solutions and new technologies, moving from how we used to do things in a traditional way, to a new, modern – in this case – cloud-based approach. Things happen so fast right now. It’s a completely new animal.”

The seamless integration with Folksam’s existing technology stack, combined with Microsoft’s educational resources, has also been key to Folksam’s success. Additionally, Folksam’s tech talent program, that recruits and trains young professionals in-house, has been crucial to building a diverse, skilled security team. “Most of our SecOps team now began their career within our tech talent program,” Sörmark adds proudly.

Security Orchestration, Automation, and Response (SOAR) is another area streamlining Folksam’s cybersecurity operations, according to Jim Franzén, Head of Security Operations at Folksam. “Having it gives Folksam specialists the benefit of focusing on the most critical threats. SOAR automation has greatly reduced the number of activities our security specialists need to focus on, which also makes their life a lot easier,” he says.

Post-breach response is another area showing tangible improvements, adds Franzén, describing how the automated tools have streamlined Folksam’s ability to isolate environments and manage incidents. “We have sensors everywhere now, and we can quickly pinpoint and mitigate issues. It’s easy to get hold of a lot of data and get the visibility you need in all kinds of different scenarios,” he says.

The promising results since the incorporation of the Sentinel and Defender tools at Folksam speak for themselves. The insurance giant has gone from having limited real-time threat detection capabilities to a near real-time response system, drastically improving its ability to manage and mitigate risks. “We’ve moved from not really being able to measure response time, to having a real-time or near real-time response,” says Daniel Sörmark.

AI set to move the dial even further

Looking further ahead, both sides agree that the use of Generative AI will likely have an even greater impact on how the tools can be used and the potential advantages they will eventually be capable of offering.

“We need to use AI to do security, but we also need to have security to control the use of AI within organizations like Folksam,” says Åsa Kidman. “There are two parts to this and I’m totally convinced that we need to start doing both now. We need to start using AI to do security, even though it isn’t top-notch yet. The capabilities to be the best tool, the best support in the work with security aren’t completely there yet. But we do need to train ourselves how to work with generative AI when we do our security work.”

“The other part, is that if organizations want to use AI for other purposes, like for efficiency,  identifying new products or helping their business transformation, they must be able to do so, feeling safe and secure. Someone needs to make sure that those companies who do use AI, know that its capabilities are secure, and that they are are trustworthy and responsible.”

Jim Franzén at Folksam sees incorporating AI as a way of keeping pace with threat developments in what he admits is very often a “whack-a-mole” type of environment. “It’s such a quick development cycle. There are new features coming up at a rapid pace, which makes us better from month to month, pretty much. So we are following the development of these products with real excitement.”

Innovation at the core

Given the critical area that Folksam operates in, being innovative and finding new solutions applies at least as much to the IT security as to every other part of the organization. The success of the collaboration, along with its potential to develop further is much appreciated by Microsoft’s Åsa Kidman.

“Having a client like Folksam makes our days fun – we learn together and grow together. That helps us grow as individuals. It’s an extremely important project for us at Microsoft and it’s vital to have customers who want to work with us and who want to do the right things. At Folksam they really do ‘walk the talk,’” she says.

“And then of course it’s important for Microsoft, because security is a team sport – in this case security in the sense of Microsoft being able to protect our customers, but also helping customers protect themselves. We need to understand what they need, what works for them and what doesn’t.”

It’s almost impossible to overestimate the threat posed by cybercrime and the battle is a constant one. But Folksam’s journey with Microsoft provides a great example of the importance of strong partnerships, modern tools, and a commitment to continuous learning in staying ahead of cybersecurity threats and overcoming them.