
Flamingo Group International – Incident Readiness Assessment

Global horticulture leader tests and strengthens its cyber resilience with NormCyber’s NCSC-assured Incident Readiness Assessment


Flamingo Group International, the world’s largest supplier of fresh cut flowers, operates a vast and complex global supply chain. With 1,300 hectares of farmland and partnerships with 900 growers across 19 countries, its 22,000-strong team help deliver its products daily to major supermarket chains throughout the UK and Europe.

Operating at this scale requires robust cyber resilience. To proactively test and strengthen its defences, Flamingo partnered with NormCyber, adopting the NCSC-assured Incident Readiness Assessment service to simulate realistic cyber attacks – ensuring its business remains ready for evolving threats.

In brief

  • Operating a complex global supply chain, Flamingo is always working to lower its cyber risk exposure and proactively enhance its cyber resilience
  • Based on a trusted multi-year partnership, Flamingo adopted NormCyber’s Incident Readiness Assessment to test preparedness against modern attack scenarios
  • NCSC-assured cyber exercising gave the UK leadership team clarity, confidence, and actionable insight — driving improvements in cyber and operational resilience

 

From crisis response to long-term partnership

Flamingo first engaged Norm in 2021, following a cyber attack that exposed critical gaps in its defences. What began as a reactive engagement quickly developed into a strategic partnership. Today, Norm’s Cyber Security Managed Service covers the full spectrum of security for Flamingo, including threat detection and response, vulnerability management, human risk management, penetration testing and compliance services.

Richard Baker, Flamingo Group IT Director, explained: “Norm has made a huge positive impact from day one. We track our cyber resilience score in Smartbloc and have seen tangible improvements and clear ROI. For example, Norm halved the number of vulnerabilities facing our operations in less than 10 months. Their deep understanding of our business and pragmatic advice are invaluable.”

With core improvements in place, Flamingo was ready to take the next step: testing response capability under live-fire conditions.

Testing cyber preparedness with Incident Readiness Assessment

NormCyber recommended its Incident Readiness Assessment, a CREST-accredited, NCSC Level 2 certified service enabling Flamingo’s leadership team to rehearse their response to sophisticated cyber attack simulations.

The one-day workshop brought together key leaders from Flamingo UK, including heads of cyber security, business systems, infrastructure, and service delivery.

Participants were challenged to execute their roles and responsibilities across a series of escalating scenarios, from the compromise of a single device to a full-scale ransomware attack. Norm provided controlled injects to simulate real-world conditions and evolving threat dynamics, enabling the team to practise real-time decision-making under pressure.

Baker reflected: “When Norm recommended running cyber incident exercises, it immediately resonated with us. We were confident in the Cyber Incident Response plan we’d built with Norm and the defensive capabilities we’d established, but we recognised that cyber criminals never stand still, so we were keen to test our preparedness against the latest attack scenarios.”

“It was a completely unique experience. We tested our policies, leadership clarity, and natural team responses under stress. It was reassuring to see our policies and standards hold up against all types of attacks and that our senior leaders were confident and clear on their roles and responsibilities even when placed under extreme pressure. However, the exercise also highlighted areas for fine-tuning.”

Turning insights into real business change

The assessment validated Flamingo’s strong capability to handle major attacks. However, it also revealed areas where responses to smaller, more ambiguous incidents could be improved.

“Norm’s Incident Readiness Assessment showed us that our response to major attacks is spot-on – we acted decisively, in unison and effectively. However, our approaches varied in the case of smaller-scale incidents, where the signs were less immediate and more nuanced and ambiguous. These situations fostered lively debate and gave us brilliant insight into areas where we can refine our strategy,” Baker said.

Following the assessment, Norm delivered a clear, actionable report outlining specific steps to further enhance Flamingo’s cyber readiness and resilience. These recommendations are now driving updates to Flamingo’s:

  • Incident playbooks — incorporating more practical, scenario-based examples
  • Internal training and knowledge sharing — to ensure consistent response across all incident types
  • Human risk management and employee onboarding — embedding best practices from day one

Beyond formal updates, the assessment also had a wider-reaching impact. Participants have since run their own internal sessions to share learnings across teams, reinforcing a culture of continuous improvement. Flamingo is also enhancing internal communications and its employee induction process to strengthen human risk management — a vital component of its overall cyber and operational resilience.

These improvements are being actively monitored through NormCyber’s performance dashboard, Smartbloc, alongside the real-time metrics and reporting provided by Norm’s Cyber Security Managed Service.

Encouraged by the success in the UK, Flamingo now plans to roll out the service to other geographies, building cyber readiness into global business operations.

A trusted partnership delivering real-world value

In closing, Baker concluded, “We were really impressed with Norm’s cyber incident exercising programme and its subsequent impact on our business. To do something similar internally would be akin to marking our own homework. Norm provides a vital external perspective, backed by the highest industry standards. Norm also knows our business inside and out, so it can select the most relevant attack scenarios, tailored to our needs, and later advise on how to put theory into practice. We look forward to continuing this strong partnership.”

Results at a glance:

  • Vulnerabilities halved in under 10 months
  • Senior leadership tested against realistic cyber attack scenarios
  • Practical improvements made to playbooks, training, and risk management
  • Global rollout planned to embed resilience group-wide
