Security and Innovation in 2026

This article is an excerpt from the P&C Insurance Leaders’ Outlook 2026.

Security is top of mind for Lava Jois. As CTO, he oversees Cogitate’s security posture, while deeply engaged in product innovation, making sure security is a priority across the platform. Whether spearheading our Data Project or Agentic AI initiatives, he’s inserting security measures into the development and implementation of the DigitalEdge Insurance Platform.

Michael: For 2026, what do you think is coming down the pike in terms of security?

Lava: I think a lot of it is the general, foundational security issues that we have to take care of and that everyone has to address. Things like making sure our infrastructure is secure and our applications are secure. These are areas that have to be continuously worked on. There will always be new threats and new issues that come up, and we have to react quickly while also proactively addressing some of those risks. That is one part of security that is never really changing or ending. It is something we always have to work on.

There are also regulatory considerations that will have implications on how we operate from a security standpoint. For example, there is an MFA mandate across everything. As part of that, people are moving toward passwordless authentication. Traditional MFA can create user experience challenges, like requiring a mobile phone for two-factor authentication, so there is a push to reduce that friction. Passwordless authentication and similar approaches are becoming more common, and those are changes we need to
adapt to.

In addition, with AI, there are new challenges. These include limiting data exposure to AI, preventing prompt injection, and addressing new security threats that come with emerging technologies.

Broadly, I would classify our focus areas into three categories. The first includes core security measures like infrastructure security and encryption. The second is adapting to new authentication methods and regulatory requirements. The third is addressing AI-related security concerns.

Michael: How do you think about resiliency?

Lava: That is an important point. Building resiliency into our infrastructure is critical. As we have seen over the past year, when cloud providers go down, it can impact us as well. We need to build resiliency in a way that avoids disruptions for our customers, while also making sure it is implemented securely. There is a lot happening in the security space, and these are some of the key areas that come to mind.

Michael: Do you think security should be a priority when selecting a technology partner, especially as AI continues to move quickly?

Lava: Absolutely, Michael. When selecting a technology partner, security is a very important consideration. As a provider, we need to demonstrate how secure our systems are. That includes things like having a zero-trust architecture and ensuring every layer of our system is protected, as well as clearly showing how we safeguard customer data. Certifications such as SOC 2, which we have completed, are also important indicators. They help demonstrate the maturity of an organization’s security posture.

Michael: So it is not just about growing the business or expanding quickly. It is also about doing it securely. Do you think security should be a priority when selecting a technology partner, especially as AI continues to move quickly?

Lava: Exactly. It is about enabling growth while maintaining security, without compromising user trust. We have to be good custodians of our customers’ data.

Would you like to connect with a member of our team? Reach out to our experts today.