Liberty Mutual operates a global insurance infrastructure spanning 28 countries with roughly 45,000 employees processing personal and commercial insurance claims, policy underwriting, and risk assessments. As the 9th largest property and casualty insurer globally by gross written premium, the attack surface is substantial: customer PII across millions of policies, financial transaction systems, claims databases, and interconnected commercial insurance platforms serving multinational corporations. The threat model includes nation-state actors targeting financial data, ransomware groups exploiting legacy systems common in century-old institutions, and insider threats across a geographically distributed workforce.
The security perimeter extends beyond typical enterprise boundaries into investment management operations through Liberty Mutual Investments, workers' compensation systems handling sensitive employment and medical data, and Solaria Labs - an innovation unit exploring insurtech integrations that introduce third-party API risks and emerging technology vectors. Commercial insurance for large enterprises means defending against supply chain compromises, while personal insurance lines create high-volume consumer data protection requirements under varying international privacy regimes across their 28-country footprint.
Security teams face the operational reality of protecting both modern cloud infrastructure and decades-old mainframe systems still processing core insurance functions. The scale requires automation across identity management, threat detection, and incident response, while regulatory compliance spans insurance commission requirements, financial sector oversight, and data protection laws across multiple jurisdictions. Founded in 1912 as a workers' compensation provider, the organization carries technical debt alongside Fortune 100 resources - a combination that shapes both the security challenges and the tooling budgets available to address them.