Aviva plc is a British multinational insurance company with roots dating back to 1696, making it one of the oldest continuous financial institutions in operation. Now headquartered in London and led by CEO Dame Amanda Blanc, the company serves approximately 25.2 million customers across the UK, Ireland, and Canada. As the UK's leading diversified insurer, Aviva operates across three core business lines: insurance, wealth management, and retirement services.
The company's operational footprint spans general insurance products including home protection, wealth management and financial planning services, and retirement products for customers saving for and planning their later years. With major operations concentrated in Ireland and Canada beyond its UK base, Aviva manages a complex technology and data infrastructure that supports millions of customer accounts, financial transactions, and sensitive personal information across multiple regulatory jurisdictions. This geographic spread and the nature of financial services - high-value data, regulatory compliance requirements, fraud risk, and customer trust dependencies - create a substantial attack surface requiring defense in depth.
Operating in heavily regulated financial services means Aviva must navigate UK financial regulations, GDPR compliance, Canadian privacy laws, and Irish data protection requirements simultaneously. The company's technical environment needs to protect customer financial data, health information tied to insurance products, and retirement planning details while maintaining availability for millions of active users. The threat model includes nation-state actors targeting financial institutions, ransomware groups seeking high-value targets, insider threats in organizations handling sensitive data, and the constant pressure of credential stuffing and account takeover attempts against consumer-facing platforms.