Flamingo Group International


norm. has been working with Flamingo Group International, the world’s largest grower of cut roses, since 2021 to help protect its global operations from cyber attack.


Founded in 1982, Stevenage-headquartered Flamingo grows and supplies a wide range of fresh flowers, premium produce and plants to the UK’s major supermarkets as well as to retailers across continental Europe. The group of companies – which comprises Flamingo Horticulture, Omniflora, Afriflora and Bigot Fleurs – employs a team of more than 22,000 based in the UK, France, the Netherlands, Germany, Ethiopia and Kenya. As well as farming 1,300 hectares of its own land, it also works with 900 partner growers in 19 different countries to deliver the freshest products to market each and every day.

In brief

  • As a high-volume supplier of perishable goods, it is vital that Flamingo’s IT infrastructure is as resilient as possible; any disruption to operations would come with a high financial impact. This makes cyber security a top priority
  • norm.’s award-winningmanaged service, smartbloc. provides a wide range of cyber security modules which can be tailored to meet an organisation’s commercial requirements
  • With smartbloc., Flamingo’s multinational, group-wide operations are monitored around-the-clock, minimising the risk of attack

The challenge

When it comes to cyber attacks, it is no longer a case of ‘if’ an organisation will be targeted by criminals but ‘when’, as Flamingo found out in late 2020, when part of its infrastructure was infiltrated by hackers. While the group was able to restore operations, some of its services suffered disruption.

This attack was a watershed moment for the organisation. To minimise the chance of something similar happening again, the group’s senior management team and investor, Sun Capital, spearheaded a strategic review into the way Flamingo secured its IT infrastructure. It was vitally important that the group was on the front foot in case of future attacks.

As a specialist in perishable goods, Flamingo must ensure all its flowers, plants and produce reach their destinations in peak condition, and in the shortest possible timeframe. Any disruption to this process – however short – could have a large financial impact on the business. 

As Flamingo’s Head of Group IT Security & Compliance explains, “The nature of our business means we only have a short window of time to get our products from the grower to supermarket shelves; a journey that often spans continents. If a cyber attack or any other type of incident interrupts this distribution process, our produce and flowers go to waste, which comes with a big financial hit to us and our partners.”

An additional challenge for Flamingo is that the group is made up of several business units, some of which joined via acquisition. Each acquired company came with its own technology stack and processes, with differing levels of cyber maturity. However, as all the sister companies now work closely together, an attack on one could have repercussions across the entire group. It is crucial that there is a consistently high approach to cyber security across all units.

Furthermore, Flamingo’s customers – Europe’s biggest supermarkets – place stringent demands on all their suppliers, as they are not prepared to take any unnecessary risks with their own supply chains. To win and retain these valuable, high-profile contracts, Flamingo must be able to prove that its security strategy aligns with industry best practices and that its infrastructure is robust enough to withstand future incidents.

“Our cyber security tools and controls come under close scrutiny whenever we begin a tender process,” continues Flamingo’s Head of Group IT Security & Compliance. “Having a robust security strategy has become absolutely mission-critical as we enter into discussions with their procurement teams.”

The solution

With only limited in-house resources, in early 2021, Flamingo took the decision to appoint a managed security service provider (MSSP) which could partner with the company to introduce best practices and provide round-the-clock services.

Sun Capital recommended norm. as it was already successfully providing specialist cyber security services to other companies within its portfolio. norm. was invited to participate in a competitive tender and was subsequently appointed by Flamingo to deliver its award-winning Cyber Security-as-a-Service (CSaaS) offering.

norm.’s initial focus was on Flamingo’s operations in the UK, the Netherlands and Kenya. Its expert team – led by Chief Technology Officer, Paul Cragg – baselined Flamingo’s cyber security posture in these three countries, and subsequently made recommendations about how to close any gaps posing a risk to operations.

As Flamingo’s Head of Group IT Security & Compliance says, “Having the CTO directly involved in the roll-out of the service was an excellent experience. The whole process was smooth and easy, and we saw an immediate, positive impact. Paul and his team did a fantastic job of keeping us informed of how the deployment was progressing and provided plenty of actionable advice on how we could improve and maintain our security posture.”

Following on from this initial success, Flamingo soon extended norm.’s scope of work. Today, it also provides services to business units in Ethiopia and Germany, so that operations across the wider group now follow consistent policies and procedures.

Service overview

norm.’s managed service, smartbloc. comprises a range of service modules that customers like Flamingo can select depending on their own unique security requirements. For Flamingo, these modules include:

  • norm.’s Threat Detection & Response service monitors Flamingo’s network, services and devices on a 24/7/365 basis. Delivered from norm.’s CREST-accredited UK-based Security Operations Centre (SOC), this service identifies and isolates threats in real-time, with pre-agreed custom playbooks for round-the-clock remediation
  • Regular Penetration Testing of Flamingo’s infrastructure, to assess its defences
  • Cyber Safety and Phishing Service training is delivered to all Flamingo employees to ensure they do not put the business or themselves at risk
  • Vulnerability Management continuously monitors the network and all end-user devices for known vulnerabilities
  • Custom Performance Dashboard which provides Flamingo’s management team with easy-to-digest information and real-time visibility of its cyber posture from any device. This includes an industry first Cyber Resilience Score, an at-a-glance measure of the group’s cyber health, together with more detailed and action-orientated Board Reports, which can help Flamingo prioritise its cyber investments.
  • Access to norm.’s Cyber Security Incident Response Team to help minimise the impact of cyber security and data breaches, if or when the need arises
  • Compliance Services to help acquire ISO 27001 accreditation

The benefits

With norm., Flamingo has access to a multidisciplinary team of cyber professionals, each of who brings their own expertise to the table. This team includes a dedicated Focal Analyst, who is the first point of contact for Flamingo’s Head of Group IT Security & Compliance and the wider Flamingo team.

As Flamingo’s Head of Group IT Security & Compliance explains, “Our Focal Analyst has invested a great deal of time into understanding our different business units’ IT environments, as well as their processes and procedures. This means that – as well as being on-hand to answer any questions we might have – he often comes to us with proactive advice about how we can bolster our strategy. This could be instructions on which patches to apply, which tools to assess, or how to refine our processes. Because norm. understands how we work; its guidance is always practical and valuable.”

Flamingo have also worked with the Cyber Security Incident Response Team, following an unsuccessful attempt by hackers to gain access to one of the business unit’s networks. “The incident response team was extremely helpful, jumping into action to help us secure our operations and then undertaking thorough post-event forensics. The team played an instrumental role in fending off this attempted breach and its insights mean we’re now even better placed to withstand further attempts.”

Most recently, Flamingo began working with norm.’s compliance experts to achieve ISO 27001 certification, which will streamline the procurement process with its supermarket customers. As Flamingo’s Head of Group IT Security & Compliance explains, “We are now working closely with norm. to gain ISO accreditation, starting with three business units but eventually for all parts of the group. Once we’ve achieved this gold standard, bidding for big supermarkets’ business will become much easier. norm.’s assistance is important from both a strategic security and business perspective.”

Flamingo has also been keen to set metrics to measure the effectiveness of its new security strategy. At the outset of the relationship, the cyber risk management specialist undertook a spot check on Flamingo’s entire environment to identify all vulnerabilities. As As Flamingo’s Head of Group IT Security & Compliance sets out, “Once we had this baseline, we could set some goals about reducing the number of vulnerabilities in our environment. We continue to keep a close eye on this metric to make sure it’s always trending downwards.”

The group also recognises that good security requires much more than technology; it also relies on its colleagues and employees to adhere to safe computing practices. While the group has always run ad hoc training courses, with norm.’s Cyber Security and Phishing Service, employees now have access to bite-sized online courses and Flamingo can track and measure participation in these sessions.

Another key feature of norm.’s service is the Cyber Resilience Score, which provides Flamingo stakeholders with a real-time indication of the group’s cyber resilience. Covering technology, people and processes, Flamingo strives to ensure this score remains as high as possible, and consequently, is working in collaboration with norm. to make the metric even more valuable.

As Flamingo’s Head of Group IT Security & Compliance explains, “Whatever you measure improves, and that is certainly the case with our Cyber Resilience Score, which has become a strategic indicator of risk across our organisation. We’re now working with norm. to understand how future projects – for example, ISO compliance – will impact our score over time. This level of information will help build the business case for new tools and initiatives as we’ll be able to predict the difference they could make to our operations.”

The relationship between Flamingo and norm. continues to go from strength to strength. In addition to the ongoing ISO certification, Flamingo is also working with norm. to beta test new automated services, which will enable the SOC team to automatically mitigate threats without the need for Flamingo personnel to get involved. 

For Flamingo’s Head of Group IT Security & Compliance, there are multiple benefits to the service: “The norm. team has been great from day one. They listen to what we want and adapt their services to meet our needs – it is a very collaborative relationship. What’s more, its service is delivered at a price point that is highly competitive, offering us tremendous value. Our experience has been so positive that norm. has now become the preferred cyber security provider for all Sun Capital portfolio companies, which is testament to the excellent service it consistently delivers.”