Zurich Seguros Turns Software Security into a Competitive Advantage
Zurich Seguros embedded security earlier in development with Veracode, reducing risk, improving delivery speed, and building a scalable application security program across its Azure DevOps environment.
“In practice, SHIFT LEFT 360° brought concrete changes to the teams’ routines. We started identifying and addressing vulnerabilities much earlier, reducing rework, increasing operational efficiency, and improving product delivery. The partnership with Veracode was essential to accelerate this evolution and provide technical support for our growth in application security maturity.”
Igor Araújo Espósito, BISO, Zurich Seguros
Building Security into Digital Growth
As Zurich Seguros expanded its online products and services, application security had to scale with the business. The company needed to move beyond reactive security checks and make secure development part of everyday engineering.
By partnering with Veracode, Zurich launched SHIFT LEFT 360° — Cloud, Code & Culture, integrating automated security testing into its development lifecycle and enabling teams to find and fix flaws earlier.
The Challenge
Security checks happened too late
Zurich’s prior application security process created friction for development teams. Vulnerabilities were often identified near production, which increased rework and delayed releases.
Key challenges included:
Late-stage remediation: Flaws discovered close to production caused costly interruptions.
Low developer engagement: Development teams needed more ownership, enablement, and actionable security guidance.
Manual processes: Security reviews were inconsistent and hard to scale.
Limited scan coverage: Low adoption and coverage created a growing backlog of unresolved flaws.
Misaligned priorities: Fixes were often ranked by technical severity rather than business impact.
Zurich needed a proactive model that supported fast delivery, compliance, and digital trust.
The Solution
SHIFT LEFT 360° integrated security across cloud, code, and culture
Zurich partnered with Veracode to build a comprehensive application security program for its cloud-native solutions.
The program integrated Veracode’s Software Security Platform into Zurich’s Azure DevOps environment, helping teams scan earlier and act faster across the software development lifecycle.
Zurich adopted:
Static Analysis (SAST) to identify flaws in source code.
Software Composition Analysis (SCA) to manage open-source risk.
Dynamic Analysis (DAST) to test running applications.
Veracode eLearning to provide targeted, on-demand developer training.
Security was also embedded into team culture through a Security Champions Program. Each squad appointed a champion to translate risk into product impact and support secure coding practices. Gamification, leaderboards, and executive recognition helped drive adoption across teams.
The Results
Secure development became a measurable business advantage
With Veracode and SHIFT LEFT 360°, Zurich transformed application security from a bottleneck into a scalable business capability.
The results were clear:
99% developer adoption
70% reduction in audit findings
Approximately R$ 2 million in cost avoidance in the first 90 days
90% improvement in change time for critical releases
Time to fix new flaws reduced to under 30 days
Application scan coverage increased from 20% to 99%
Policy compliance increased from 20% to 99%
Zurich also simplified audits with centralized dashboards and automated evidence, making security a continuous process and supporting ISO 27001 compliance.
Secure Software. Faster Delivery. Measurable ROI.
Zurich Seguros built a sustainable model for secure innovation by pairing automated application security with developer enablement and cultural change.
Download the full customer story to see how Zurich and Veracode made software security a competitive advantage.