*Reassuringly dull cyber security e: info@normcyber.comt: +44 (0) 203 855 6215

Case Study: Coveris

Back

Coveris choses CSaaS from norm. for comprehensive cyber risk protection

Coveris is a leading European packaging company that manufactures flexible and sustainable solutions for some of the world’s most respected brands. With €800M in annual sales, 29 production facilities, 4,200 employees and over 4,500 customers, the team has a broad level of technical expertise, and its high-quality packaging extends the lifecycle of products to help reduce waste and resource wastage. As a major industry player, the organisation works closely with its customers to produce new, attractive and sustainable packaging solutions.

In brief

  • Coveris needed to improve its level of cyber security protection and achieve visibility of its exposure to cyber risk across multiple sites in the UK and Europe
  • After opting for a managed security services partner as opposed to building an in-house function, Coveris chose Cyber Security as a Service (CSaaS) from norm. and has deployed the service across 29 sites in the UK and Europe
  • Coveris now has complete visibility of the strength of its cyber defences across its entire technology estate, and is committed to reducing its exposure to cyber risk on an ongoing and continual basis with support and guidance from the specialist team at norm.

The challenge
Like many manufacturing and supply chain companies, Coveris relies upon a number of technologies  including back office systems, industrial control systems, and supply chain management applications to ensure that its goods are produced and delivered to the exacting standards its customers expect. The operational disruption caused by a cyber attack which could compromise those systems has the potential to cause significant damage – not just in financial terms, but also to the company’s reputation. Minimising the risk of such an attack was therefore a critical priority for both technical and business leaders alike.

Coveris has also grown significantly as a result of multiple acquisitions, and now has 29 production facilities across Europe. Bringing together numerous disparate technology environments presents challenges from an operational, technical and cyber security perspective. One of the biggest issues for the technology team was the lack of visibility into the level of cyber protection across that estate.

Coveris has a cyber insurance policy in place, but in common with many other organisations has found that it is becoming increasingly complex and expensive to secure a policy, and to confound the issue the amount of cover available has decreased significantly. The team also recognised that while cyber insurance is worth having in the event of a breach, it is far more effective to put controls in place to minimise the risk of a breach in the first instance.

Following a review of the organisation’s overall exposure to cyber threats as a result of a change in leadership within the IT team, Coveris began evaluating options to reduce the likelihood of a future cyber breach.

The solution
When evaluating how to go about lowering its cyber risk exposure, the technology team had two options – invest in new products from its existing and potentially other vendors and hire a cyber security specialist to manage them, or outsource the entire cyber security operation to an external specialist.

Hiring someone to manage a cyber security function inevitably means investing not just in additional solutions but also in more people. It can be a time-consuming and costly exercise, particularly when the nature of the threat and the solutions available to counter it are evolving constantly. Deploying several different technologies also presents the challenge of finding a way to bring them all together to form a comprehensive view of how effective they are and how they are contributing to protecting the organisation as a whole.

“We quickly realised that we needed a cyber security partner that could give us the whole package – enterprise-grade technology, managed by a team of experts, accompanied by a straightforward way of understanding how well protected we are and what we can do to improve,” says Dominic Fraser, Corporate IT Director at Coveris. “One thing that was really important was the ability to consume data from multiple different cyber security products and use it to present a harmonised view of our entire technology estate. We spoke to partners large and small, and only norm. stood out as being able to satisfy our requirements – and in many ways, surpass them.”

Another feature of the CSaaS offering from norm. that particularly appealed to Dominic and his team was the modular nature of the service. This meant that they could prioritise the areas they felt presented the greatest risk – such as vulnerability patch management and threat detection and response – before moving on to tackle cyber awareness and phishing training for employees and achieving accreditation to industry-recognised standards like Cyber Essentials and IASME Governance.

“What we really like about the team at norm. is how open, transparent and helpful they are,” continues Dominic. “They took the time to listen to what we wanted to achieve and came back to us with a plan for how they would help us to get there, and to show us how the measures we put in place are actually making a difference. We have absolute confidence that the path we’re taking with norm. is the right one to manage our cyber risk to a level that the business is comfortable with.”

The benefits
One of the primary benefits of choosing CSaaS from norm. has been the ability to see, in near real-time, the impact the service is having on reducing cyber risk across the organisation. The online Visualiser platform allows Coveris to not only gain a high level view of the strength of its cyber defences in the form of the cyber stress score, but the team also has complete visibility of how well protected they are in each area – people, process and technology. In addition to empirical evidence in the form of real-time data, the tool also highlights key actions for improvement.

“What’s really helpful is that through the Visualiser platform we have a central reference point that we can use to ascertain how well protected we are at any time, and we can track our progress as we reduce our level of cyber risk over time,” adds Dominic. “I’m not aware of any other managed security service that would allow us to do that.”

Another tangible benefit is the knowledge that should a cyber breach occur, there is now a plan in place to respond to and mitigate its impact, and a team of experts on hand to help, via the Cyber Security Incident and Response Team (CSIRT) at norm.

“When we were agreeing our approach with the Board we were not only concerned with ensuring we are protected today, but also that we have a clear roadmap to improve in the future,” concludes Dominic. “Cyber security is more closely tied to revenue generation than ever before – especially as our own customers are starting to ask about the measures we have in place and how we make sure we’re not the weakest link in the supply chain. Sustainability is also a big focus right now, and in order to secure sustainability accreditation you have to be able to demonstrate that you’ve got your house in order, and are prepared should the worst happen. With norm., we can confidently say we’re addressing both.”

Moving forward, Dominic has his sights set firmly on rolling out the service further – for example by extending the cyber safety and phishing training to additional sites, and by standardising the company’s information management policies and procedures with a view to securing Cyber Essentials Plus accreditation. These measures form part of Coveris’s ongoing commitment to protecting its systems, data, customers and employees against cyber threats under the direction and guidance provided by CSaaS from norm.

Appointing NormCyber as our virtual DPO has given Ferrero the best of both worlds – access to data protection experts who understand what we stand for as a business, without the hefty overheads usually associated with appointing an in-house DPO.

Harpreet Thandi
Regional Counsel, UK & Ireland, Ferrero

We were looking for a virtual DPO service that offered all of the benefits of a fully qualified data protection lawyer, without the overheads of an in-house hire. The DPaaS solution from norm. has been invaluable in helping us to ensure we respect the integrity of our customers’ personal information, while using it to continue to deliver differentiated products and services which support our growing customer base.

Mike Whitfield, Compliance Manager
Marmalade

CSaaS allows me to step away from multi-vendor management as the Security Operations Centre coordinates all of the technology for me.

David Vincent, CTO
Perpetuum

We were in the market for an independent Data Protection Officer service that was well versed with both UK and EU regulators. We’re thrilled to have acquired this service knowing that an expert is available 24/7.

Suzanne McCabe, Head of Project Management
James Hambro & Partners

Norm’s penetration testing layer, along with the suite of CSaaS modules has enabled MA to exceed all its audit requirements for its major clients.

Rob Elisha, ICT and CRM Manager
Montreal Associates

The speed of your Data Protection Officer’s response was very impressive – it was far quicker than I would have expected even from an in-house DPO

Will Blake, Director of Technology and Analytics
CRU Group