Consolidate functions into one incident response team, one threat intelligence team, and one threat-hunting team serving all Munich brands around the clock.Improve team capabilities by blending the strongest skills of each team into more mature, well-rounded functions.Reduce redundancies in responsibilities, tools, and processes to cut costs.To reach these goals, Munich deployed various tactics, including:
Combining best practices from cyber threat intelligence, threat hunting, and cybersecurity incident response teams to create new and improved services.Establishing a consistent sharing model between teams and smoother integration with IT and business functions.Moving to cloud-based security tools”, such as SIEM, EDR, and CTI platforms”, to allow access across environments.Implementing a follow-the-sun coverage model for 24/7 operations without exhausting staff.Hosting global working groups and daily handovers to encourage team solidarity.Running lessons-learned sessions with open participation from detection, protection, and response teams.Tapping into global labor markets to recruit people with niche skills.Developing skills internally that had normally been outsourced.Emphasizing quality-driven metrics over raw ticket volume. The big challenge: Merging security teams across borders: The main obstacle in bringing security teams together was that many business units across brands were not being managed directly by Munich’s security organization. Without full visibility into those environments, the integrated team couldn’t get a complete picture of the risks or provide the protection those units needed.To bridge that gap, Engelke and his team took several deliberate steps:
Roll out the necessary security tools for each team and train employees.Create integration playbooks to speed up future onboarding.Plan for full incorporation of all business units within two years, with the first wave of integrations already underway.But technical separation posed another obstacle. Munich’s business units had been operating on separate networks and domains, which meant no direct system access between them.The solution for this was twofold, according to Engelke. First, the team shifted to cloud-based tools that could be accessed from any environment; secondly, they implemented temporary cross-company accounts for short-term access until a unified network was in place.Taken together, these were key steps that allowed security teams to start collaborating earlier than expected. The impact: Efficiency gains with no layoffs: Perhaps the most notable achievement during the team integration was that no layoffs were required”, a rare outcome in large reorganizations. Every employee from the security teams remained in place, with cost savings coming from consolidating tools and outsourced services.And those savings will be substantial. By merging SOC operations, SIEM platforms, threat intelligence tools, threat hunting capabilities, and EDR systems, the company expects to save $4 million annually once fully implemented.The benefits didn’t stop at cost cuts. The integration also improved overall team expertise.”Before the project, one team excelled in digital forensics, another in threat intelligence, and another in proactive threat hunting,” says Engelke. “Now, the combined team functions at a high level in all three disciplines.”From the start, IT leadership knew that culture would make or break the project. It was a top priority that all IT and security employees felt valued in their new global roles and had opportunities to share ideas and contribute to the success of the overall team.”The integration is flourishing now with team members proactively collaborating and learning from each other,” says EngelkeFor its cybersecurity team integration project, Munich Re earned a 2025 CSO Award. The award honors security projects that demonstrate outstanding thought leadership and business value. Start where you can win fast, emphasize culture: For security leaders considering a similar consolidation, Munich Re Group offers the following tips:
Prioritize early wins: Full IT and security integration may take years, so start with functions that can merge quickly to build momentum.Invest in cloud-based tools that allow cross-network collaboration early on.Make culture central: Integration is as much about people as it is about systems.Create documented playbooks so each new integration follows a proven process.Celebrate successes along the way to keep teams motivated.”Don’t wait for the perfect environment to start integrating,” says Engelke. “Begin with areas that have fewer prerequisites, like threat intelligence, and let that success carry you through the more complex steps.” A blueprint for global security team integration: Munich’s Cybersecurity Incident Response Team Integration project is proof that large organizations can consolidate security operations without sacrificing employee morale or breaking the budget.By merging security teams, tools, and expertise, Munich Re Group not only saved money but also built a more cohesive defense against cyber threats.Inspired by Munich Re’s award-winning approach to cybersecurity? Join your peers at the CSO Conference & Awards to discover the strategies, tools, and insights that are shaping the future of security leadership. Register now.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4045510/munich-reinsurance-unites-global-security-teams-to-boost-resilience-cut-costs.html
