Case Study: Lemonade Secures Rapid Innovation in Cloud-Native Insurance

January 20, 2026

Industry: Insurtech and Financial Services

Organization: Lemonade

Security Leadership: Jonathan Jaffe - CISO

Product: Terra Security Continuous Pentesting

Background

Lemonade is a digital insurance company built on cloud-native infrastructure, automation, and AI-driven decision-making. Its platform enables customers to purchase policies, submit claims, and receive payouts with minimal friction.

Operating in a regulated financial environment, Lemonade must protect sensitive personal and financial data while continuously innovating its customer experience.

Security Leadership in a Regulated, Cloud-First Organization

Lemonade’s security leadership is responsible for balancing regulatory obligations with the company’s culture of rapid experimentation and automation.

Security controls must be scalable, auditable, and tightly integrated into engineering workflows, without slowing down product teams.

The Challenge: Fast Releases in a High-Trust Industry

Lemonade deploys frequently across a broad attack surface that includes customer-facing applications, APIs, and backend services.

Traditional penetration testing cycles were misaligned with this pace, often providing delayed feedback that was difficult to act on efficiently.

The security team needed a way to continuously validate exploitable risk while maintaining compliance and audit readiness.

Continuous Pentesting for Cloud-Native Insurance

By implementing Terra Security’s continuous pentesting platform, Lemonade embedded real-world attack simulation into its cloud environment.

This allows the security team to receive near real-time feedback on exploitable vulnerabilities as the platform evolves, enabling faster remediation and better alignment with development cycles.

Prioritization That Matches Business Risk

Continuous pentesting helps Lemonade focus on vulnerabilities that could realistically impact customers or business operations, detect them in real time, and remediate them before they become exploitable.

This context-driven approach improves prioritization, reduces unnecessary work for engineering teams, and ensures security effort is applied where it matters most.

Supporting Compliance and Customer Confidence

As an insurtech company, Lemonade must demonstrate strong, ongoing security assurance to regulators, partners, and customers.

Continuous penetration testing provides evidence that security controls are actively validated, supporting compliance requirements and reinforcing customer trust.

Takeaway

Lemonade illustrates how cloud-native financial services companies can maintain strong security assurance while moving fast. By treating penetration testing as a continuous capability, Lemonade aligns security with innovation, compliance, and customer trust.
