The UK insurance sector operates at the intersection of financial stability, regulatory oversight, and large-scale data stewardship. From life and pensions to personal and commercial insurance, organisations in this sector manage highly sensitive customer information while supporting increasingly digital products and distribution models. Cybersecurity leadership within insurance is therefore tightly coupled to resilience, governance, and long-term trust.
The following CISOs represent senior security leaders shaping information security and resilience across some of the UK’s most significant insurance groups. Profiles focus on documented experience and scope of responsibility, without extrapolation beyond available information.
Paul Shaw — Group Chief Information Security Officer, Aviva
Paul Shaw is Group Chief Information Security Officer at Aviva, where he leads security across a large, complex global insurance organisation. His background includes building and transforming both first- and second-line security functions, as well as developing and leading high-performing teams.
His experience includes regular engagement with executive leadership, board committees, and regulators across multiple sectors. Shaw’s career reflects a focus on aligning security programmes with business priorities, risk appetite, and organisational culture, rather than operating security as a standalone technical function. His work centres on driving cross-functional change to embed security into broader enterprise decision-making.
Kyle Headley — Chief Information Security Officer, Phoenix Group
Kyle Headley serves as Chief Information Security Officer at Phoenix Group. His experience includes guiding global operational strategies, integrating new technologies, and delivering enterprise security and digital transformation programmes.
Headley’s background spans enterprise security, operational strategy, and business user experience, with a focus on minimising resource expenditure while improving performance. His role involves working across organisational layers to build consensus, maintain strategic partnerships, and support security initiatives aligned with broader business objectives.
Steve Donachie — Global Chief Information Security Officer, Allianz Partners
Steve Donachie is Global Chief Information Security Officer at Allianz Partners, where he leads the information security function for a global organisation operating across more than 40 countries. His experience spans over 25 years in cybersecurity leadership, security architecture, and enterprise security programme development.
In his current role, Donachie owns the global security strategy and roadmap, oversees distributed security teams, and manages vendor and technology partner relationships. His background includes sustained engagement with C-level and board stakeholders, with responsibilities covering security governance, resilience, and operational design at scale.
Emma Griffin — Group Chief Information Security Officer, Royal London
Emma Griffin is Group Chief Information Security Officer at Royal London. Prior to this role, she served as CISO at Aldermore Bank and held senior security leadership positions at Sky and Worldpay, including Deputy Group CISO and interim CISO roles.
Her experience spans financial services, media, and payments, with responsibilities covering security architecture, engineering, and group-level security leadership. Griffin also brings governance experience through non-executive trustee work, complementing her executive background in leading enterprise security functions.
Luke Steadman — Head of Cyber Defence, Direct Line Group
Luke Steadman is Head of Cyber Defence at Direct Line Group. His experience includes leading cyber security initiatives in fast-paced environments, with responsibility for improving security posture while delivering cost efficiencies.
Steadman’s background reflects a pragmatic approach to cyber defence, with an emphasis on aligning security activity with business resilience. His role includes developing cyber capability, managing risk reduction initiatives, and supporting the growth of security talent within the organisation.
Robert Rodger — Chief Information Security Officer, Admiral Insurance
Robert Rodger is Chief Information Security Officer at Admiral Insurance. With over 30 years of experience in banking and financial services security, his career includes building and leading security functions at scale.
Rodger’s experience spans executive leadership, board advisory roles, and mentoring. His approach focuses on establishing strong security fundamentals while driving systemic improvement through the use of intelligence, data, and automation. His work reflects long-term involvement in developing high-performing teams and effective security practices within regulated financial environments.
Securing Resilience Across UK Insurance
Cybersecurity leadership in UK insurance extends beyond technical defence, encompassing governance, regulatory engagement, and enterprise resilience. The CISOs featured here bring experience across global operations, regulated financial services, and large-scale transformation programmes. Their roles highlight how information security within insurance is closely tied to trust, continuity, and the sustainable operation of complex financial institutions in an evolving risk landscape.