Cloud Cover for Insurers: How RDT Secured Its Future with Rapid7

RDT’s transformation reflects a broader industry trend: mid-sized technology firms supporting regulated sectors must now deliver security outcomes with the same rigor and transparency as tier-one providers, without inheriting their scale or inefficiencies.

RDT is no stranger to change. As a software provider for the insurance sector, the company has evolved from a traditional software vendor to a modern managed services provider. Today, RDT delivers a combination of cloud-hosted and SaaS-based solutions, tailored to the needs of a highly regulated market - one that increasingly expects robust cybersecurity foundations and demonstrable operational resilience.

For Laurence Hudson, Director of IT and Client Services, building that foundation became a priority as regulatory scrutiny began to extend into the technology providers supporting the insurance sector. Drawing on his background in banking where operational resilience was already front and center, Laurence anticipated growing pressure from regulations like DORA and used that momentum to drive executive awareness and investment in risk mitigation.

Making the case for cyber maturity

RDT operates with the agility of a lean technology firm while delivering capabilities expected from far larger providers. With a disciplined internal team and a maturing technology estate, RDT sought a security partner that could accelerate its programme at scale, without unnecessary headcount expansion.

“We’re around a hundred staff,” Laurence explained. “Providing round-the-clock security across a mixed estate of cloud services and established systems wasn’t something we could sustainably deliver in-house.”

Laurence began exploring the market. He wanted more than just tools, he was looking for a partner who could provide holistic visibility, help his team identify blind spots, and support evolving compliance needs. After connecting with Rapid7 at an industry event and learning more about their integrated approach to security, he was drawn to what he called a “well-defined ecosystem” that prioritized outcomes over tooling.

From visibility to confidence

RDT first adopted Rapid7’s InsightVM for vulnerability management, laying the groundwork for a broader security transformation.

“We were already starting to look at improving how we responded to external vulnerability and internal vulnerability management,” said Laurence. “That gave me a good foundation to build on.”

The next step was Managed Detection and Response (MDR), which offered around-the-clock threat monitoring and expert support – a necessity in light of what it would cost to bring in more skilled staff and keep eyes on their entire environment 24x7x365

“The onboarding process for us was really key,” said Laurence. “Having the expertise from Rapid7 helped guide and shape the direction of what was really helpful for us.”

Because Rapid7’s native next-gen SIEM and XDR technology is used to deliver the service, the results were immediate. There was no multi-week wait to stand up a third party SIEM, begin collecting telemetry, and responding to alerts. RDT now had 24/7 monitoring, a clear view of threats across its environment, and an embedded team ready to respond.

Cutting through the noise

With Rapid7’s Exposure Command, RDT gained a deeper understanding of its attack surface and how to prioritize what matters most.

“At the outset, we recognised the need for deeper visibility across our estate to support better-informed, risk-prioritised decisions,” said Laurence. “Bringing that together within the Rapid7 platform has helped give us a much better understanding of what we have so that we can make critical decisions around how that works.”

RDT moved away from traditional CVSS scoring and into more real-world risk-based decision-making. “The Command platform’s absolutely been helping us try and filter that noise down and really focus our efforts because we don’t have a huge team.”

He also recalled a moment of validation during his first service review after onboarding MDR.

“The very first service review that I did after onboarding with the MDR solution showed the volume of log ingestion that was coming in, and I could turn around and go, that is why we weren’t doing this before,” he said. “It is incredibly challenging to do without something that’s across all this estate.”

With Rapid7’s team monitoring activity across their environment and escalating only what mattered, RDT was no longer drowning in low-value noise. The shift gave Laurence’s team the clarity and capacity to focus on strategic improvements without needing to scale headcount.

Supporting clients with enterprise-grade security

Even though RDT itself isn’t directly subject to DORA, its customers are. And those customers were beginning to ask tough questions about incident response and operational resilience.

“We were getting a lot of operational resilience questionnaires coming across our desk,” Laurence said. “Being able to play those conversations back and to give what are some fairly large insurers assurance that even as a small organization, we are providing enterprise-grade security posture and response, I think, has been an invaluable aspect that we got from being on the Rapid7 platform.”

The partnership with Rapid7 enabled RDT to not only meet expectations, but to communicate trust and maturity in a competitive market.

“This allows us to act with a level of assurance and really push a degree of trust that we take this thing seriously, because we know that we are backed by Rapid7.”

Enabling the future, securely

Now that foundational capabilities are in place, Laurence and his team are thinking long-term. With support from Rapid7, they’re building security into developer workflows, strengthening application security, and shifting from compliance reaction to proactive resilience.

The security partnership has also created space for the team to focus on strategy. “The MDR solution that we have provides a level of peace of mind that we have a firm foundation,” said Laurence.

Planning for the unknown

When asked about preparing for the future, Laurence was clear: get the basics right and empower your people.

“I think the thing that is critical as a strategic leader, particularly in the security space at a time where AI is accelerating and making things so uncertain, is making sure you’ve got your basics right and you’ve got a good partner network.”

He’s also a believer in making security accessible, especially when it comes to boardroom conversations.

“Risk is not a cumbersome thing that, if you do it right, stops your business. It should be there to empower you to do things.” Rapid7 is here for that.