Who is Starpeak Insurance?
Starpeak Insurance is a UK-based insurance company specialising in providing tailored insurance solutions for both consumers and small businesses. Their portfolio includes everything from sports and travel insurance, covering extreme sports activities, to liability coverage for smaller businesses, such as dog walkers and cleaners. With a 30-year history in the industry, Starpeak prides itself on being one of the first companies to embrace selling insurance online.
In this case study, we met with Andy Pilgrim, Technical Director at Starpeak, to discuss their experience using OnSecurity as their trusted security vendor.
The Security Challenge
As a technology-forward and compliance-focused organisation, Starpeak Insurance recognised the need to improve its online infrastructure. Historically relying on traditional penetration testing vendors, they required a more dynamic, integrated, and time-efficient approach to review the security of their web applications. The limitations of static PDF reports and the lack of real-time collaboration with previous vendors prompted Starpeak to explore alternatives.
Why did you choose OnSecurity?
Starpeak was immediately drawn to the platform’s instant quote builder, which provided immediate pricing and complete transparency. After discussing the engagement with OnSecurity, Starpeak felt confident in the platform’s ability to deliver a streamlined, collaborative, and effective penetration testing experience.
Key factors influencing their decision:
- Platform-based Testing: A modern alternative to static PDF reporting.
- Customisable Scoping: Flexibility in tailoring the testing to their specific needs.
- Real-time Collaboration: The ability to work alongside testers during the process. Andy noted this as “a big bonus and not something they have experienced before.”
OnSecurity provided the Security Solution
In March 2023, Starpeak engaged OnSecurity for a web application penetration test. The platform’s user-friendly approach proved to be a game-changer compared to traditional methods.
Game-changing features for Starpeak:
- Real-time Communication: The in-platform commenting system allowed seamless communication with testers, ensuring clarity and quick resolutions for any findings.
- Pre-test Preparations: The prerequisite submission process helped streamline the kickoff stage and ensured all teams were aligned.
- Ongoing Fixes and Retests: Starpeak was able to remediate vulnerabilities in real-time while testing was still in progress, significantly reducing the attack window and end-to-end timeline.
- Retest Simplicity: Once fixes were deployed, retesting was quick and hassle-free, with validations completed within a day.
And the Results?
We aim to provide a flexible, efficient and valuable experience for our clients. But how did Starpeak find it?
Time Efficiency:
By addressing vulnerabilities during the test itself, Starpeak resolved the majority of findings by the test’s conclusion, saving hours on post-test remediation efforts.
Comprehensive Reporting:
Andy highlighted the detailed executive summaries and tailored recommendations within OnSecurity’s platform and downloadable PDFs. These reports not only enhanced confidence internally but also aligned with the expectations of external auditors and regulatory partners.
Streamlined Retest Process:
The retest process was smooth, with quick clarifications made in-platform for any ambiguity.
Enhanced Visibility with Radar:
OnSecurity’s Threat Intelligence tool, Radar, provided valuable insights, such as identifying unused subdomains, which Starpeak resolved on the spot. While no breached credentials were flagged due to their rebranding, Radar proved valuable for long-term monitoring.
Describe your experience using OnSecurity
Andy summarised their experience with OnSecurity as “really smooth” and “friction-free.” He highlighted that the collaborative approach worked well: “Working alongside the testers rather than just receiving a static report meant we could discuss any queries in real-time and remediate findings as quickly as possible.”
Starpeak recognised the true value of blending technology and human expertise: “While the platform was slick, having sensible human beings at the end of it made a huge difference.”
When asked if he would recommend OnSecurity, Andy said:
“I definitely would. The entire process was just smooth. Few people enjoy penetration tests, but OnSecurity made the experience as painless as possible.”
Partnering with OnSecurity long-term
While penetration testing for Starpeak is currently limited to web applications, they plan to expand their security initiatives in alignment with the increasing focus on digital compliance within the insurance sector. OnSecurity’s reports will successfully serve as evidence for demonstrating robust cybersecurity practices to partners and regulators.
Starpeak Insurance’s partnership with OnSecurity highlights the benefits of transitioning from traditional penetration testing methods to a more integrated, platform-based approach. With OnSecurity, Starpeak achieved a seamless, efficient, and collaborative testing process, setting a new standard for ensuring the security of its digital posture.