Security Awareness as a Service - Swiss health insurance company

Security Awareness as a Service - Swiss health insurance company

Security Awareness Campaigns - Success Story at Swiss Health Insurance: Thumbnail for a white paper with tips on implementation.

Success Story

Information security is an important aspect of day-to-day business in the Swiss health insurance company. A number of measures were already in place to increase information security for employees and customers. However, security is an ongoing process that requires continuous attention. So, the security department of the health insurance company and a consultant from TreeSolution Security Awareness AG have been working together for the best possible results.


People trained

> 2,000 employees




all of Switzerland

Duration of collaboration

18 months so far and continuing, 0.2 Full Time Equivalent (FTE)

Security as a Service

Concept creation and planning of the implementation, support in the implementation of awareness measures, phishing training service

Security Awareness Club

E-learnings, Security Awareness Radar®, training materials

Security Awareness Survey

Before and after the campaign with the Security Awareness Radar®

What’s it like to work together with TreeSolution?

The first step was to determine the current status of information security using TreeSolution’s Security Awareness Radar®. Next, TreeSolution’s Security Awareness as a Service provided support for actions for improvement. These included:

  • Create concepts
  • Customize training materials
  • Create information on the subject of information security
  • Create a roadmap with implementation measures

To expand and professionalize its own training material, the health insurance company became a member of the Security Awareness Club. This gave the company access to all of TreeSolution's training material. The Security Awareness Club is designed for companies that have little or no awareness material of their own but would still like to successfully train their employees. The material can be used flexibly as required for campaigns in the company, thus enabling continuous training and awareness.

The goals

The aim of the initiative was for all employees to assume responsibility for security in their working environment and to act appropriately when handling data and information. This was achieved through recurring and complementary measures on different channels (e.g., e-learning, security blog, intranet news, quizzes, presentations).

A memorable brand design on all of the media for the initiative was important in order to give the initiative a visual identity and thereby support the employees in better internalizing and implementing what they had learned. The topics were important, and their communication was therefore made appealing, so that the activities had a lasting effect, and the security culture was improved. Before the initiative, a measurement (Security Awareness Radar®) of the security culture was carried out, to be repeated after the end of the initiative.

The goal of the security awareness and support in the form of Security Awareness as a Service was to improve information security and train all employees. TreeSolution supported the health insurance company in advising and implementing security measures based on the results of the Security Awareness Radar® survey. TreeSolution worked with representatives from the departments to develop a common basis for implementing the initiative and made sure that everyone involved followed through on their commitment to work together.

The collaboration

The collaboration between the health insurance company and TreeSolution included the following:

  • Creation of the program for information security, data protection, awareness, and training as well as the associated roadmap for 18 months.
  • Implementation and evaluation of the Security Awareness Radar®.
  • Creation of the communication plan with topics for news and blog posts, based on the employee feedback from the survey.
  • Preparation and implementation of the kick-off workshop with all stakeholders.
  • Involving employees in finding the slogan for the “Information Security & Data Protection” awareness initiative.
  • Support in branding the initiative with logos and image.
  • Revision and launch of the intranet site for the awareness initiative.
  • Writing news and blog posts.
  • Redesign of the introduction of the security department during the Welcome Days (introductory days for new employees). The presentation was made more interactive and entertaining. Based on various tricky situations that are told in the style of a thriller, new employees discuss case studies of information security.
  • Compilation of the security toolkits (short presentations).
  • Addition of the "Golden Rules" for a digital brochure and blog posts.
  • Adaptation of e-learning to customer requirements.
  • Conducting the phishing training with simulated attacks with fun resolutions.

An important part of the awareness initiative was the involvement of employees, departments, and management. The employees submitted ideas for the slogan and then chose the winner. The departments helped with the implementation and provided information and ideas for measures where necessary. A representative from management was the overall sponsor of the initiative.

Results and benefits for the health insurance company

The collaboration between the health insurance company and TreeSolution was crucial for the successful start of the initiative. It allowed the health insurance to minimize use of its precious time resources. TreeSolution kept the ball rolling with effective preparatory work and the coordination of the work packages. It was important to strike the right balance between "roadmap implementation and day-to-day business requirements" while not losing sight of the initiative's goals.

The results of the Security Awareness Radar® provided a detailed picture of information security and security awareness among employees. In addition, it became clear which topics and target groups needed priority training in order to increase security awareness in the company and to anchor information security in the corporate culture. This knowledge was integrated into the information security program, the news, and blog posts as well as other training material.

Thanks to the professional support in the form of Security Awareness as a Service and to the material from the Security Awareness Club, the health insurance company was able to start the initiative professionally and quickly.

The initiative was welcomed by employees. Many good suggestions were submitted, especially for the slogan. They also participated diligently in voting for the choice of slogan. The survey with the Security Awareness Radar® was also well received by the employees. They really appreciate that the health insurance company is so active in the area of information security and data protection.

All measures planned and implemented to date promote a security-conscious corporate culture and thus contribute to the “human firewall”. Through a holistic and continuous learning journey over a longer period of time, knowledge about information security is being constantly expanded and the security awareness culture is being established.

Customer quotes

“Thanks to the support of TreeSolution, we have taken a big step forward in the area of awareness - now it's important to stay on the ball.”
CISO of a Swiss health insurance company

A robust security culture is fundamental and needs to be consistently repeated and promoted - many thanks for the survey.”
An employee’s comment in the Security Awareness Radar® survey

Next steps

To leverage further the potential for improvement, the collaboration is being extended by a further 12 months. An overall program for information security is being created to continue a successful learning journey.

A further measurement with the Security Awareness Radar® will be used to determine how sustainably the campaigns have been received by employees and in which areas further measures and training are required.

The branding with logo, images, etc. will be used for further actions and campaigns to capitalize on the value of the brand recognition and thus promote security awareness even better.


Security Awareness für Ihr Unternehmen

Sind Sie bereit, die Security Awareness in Ihrem Unternehmen aufs nächste Level zu bringen?

Der erste Schritt ist ganz leicht:
Vereinbaren Sie gleich ein kostenloses Beratungsgespräch.

IT Sicherheit: Schwarz-Weiß-Portrait von Thomas Schlienger, Inhaber von TreeSolution.

Dr. Thomas Schlienger
CEO und Inhaber

Kostenloses Beratungsgespräch

Wenn Sie Unterstützung benötigen, schreiben Sie unter „Mitteilung“ eine kurze Beschreibung des Problems.

Vielen Dank! Wir beantworten Ihre Anfrage rasch möglichst.
Hoppla! Beim Absenden des Formulars ist etwas schief gelaufen.

Bitte kontaktieren Sie uns direkt unter


Security Awareness for your company

Are you ready to take security awareness to the next level in your business?

The first step is easy:
Arrange a free consultation now.

IT Security: Black and white portrait of Thomas Schlienger, owner of TreeSolution.

Dr. Thomas Schlienger
CEO and founder

Free consultation

If you need support write a short description of the problem in the “Message”.

Thank you very much! We will answer your request as soon as possible.
Oops! Something went wrong when submitting the form.

Please contact us directly at